Unauthorized Device Detection Device And Unauthorized Device Detection System

ABSTRACT

To provide an unauthorized device detection system capable of finding and specifying a device that was manufactured or altered unauthorizedly. A DVD player  400   a  writes its own device ID to a memory card  200   a . When a user purchases content, a register device  300  reads a media ID and the device ID from the memory card  200   a , and transmits the media ID and the device ID to a management server device  100 . The management server device  100  calculates, based on pairs of media IDs and device IDs stored beforehand and the received pair of media ID and device ID, a total number of media IDs corresponding to the received device ID, and compares the calculated total number with a threshold value. If the total number exceeds the threshold value, the management server device  100  judges that the DVD player identified by the received device ID is an unauthorized device.

TECHNICAL FIELD

The present invention relates to unauthorized device detection techniques for finding or specifying an unauthorized device altered or manufactured by copying.

BACKGROUND ART

In recent years, the development of multimedia-related technologies, the emergence of large-capacity recording media, and the like have led to the advent of systems that distribute digital content (hereafter “content”) made up of video, audio, and the like on large-capacity recording media such as optical discs or via a network or broadcasting.

In general, cryptography is employed to protect a copyright of content, that is, to protect content from unauthorized use such as unauthorized playback and copying. In detail, content encrypted using an encryption key is recorded on a recording medium such as an optical disc and distributed. Only a terminal in possession of a decryption key corresponding to the encryption key can decrypt the encrypted content read from the recording medium using the decryption key and play back the content.

Example methods of content encryption include a method of encrypting content itself using an encryption key so that the encrypted content is decrypted using a decryption key corresponding to the encryption key, and a method of encrypting content using a content key and further encrypting the content key using an encryption key so that the encrypted content key is decrypted using a decryption key corresponding to the encryption key and the encrypted content is decrypted using the decrypted content key.

The decryption key possessed by the terminal needs to be securely managed so as not to be revealed to outside. However, there is a danger that the decryption key may be revealed as a result of an unauthorized party conducting analysis inside the terminal. Once the decryption key has been revealed to the unauthorized party, the unauthorized party can manufacture a recording device or a playback device for unauthorized use of the content, or produce software for unauthorized use of the content and distribute it via an internet and the like. When this happens, a copyright holder wants to disable the revealed key so that the content is no longer treatable using the revealed key. This technique is called a key invalidation technique, and is disclosed in patent document 1 and patent document 2.

However, neither patent document 1 nor patent document 2 discloses a method of specifying the key revealed to outside (i.e. the key to be invalidated). This being so, a large number of recording devices, playback devices, or software distributed on a market and having a possibility of being unauthorized need to be collected and their internal structures analyzed in order to identify an unauthorized device or unauthorized software. This requires much labor and cost.

Meanwhile, patent document 3 discloses a mobile communication system, such as a mobile phone system, for detecting the existence of a clone terminal manufactured by unauthorized copying and notifying the existence to a maintenance entity, without providing a mobile terminal with a special function for clone terminal detection. This mobile communication system includes: a unit for making location registration to notify the system of a location of the mobile terminal so as to allow for reception processing by the mobile terminal; a unit for comparing location registration information submitted by another mobile terminal having a same phone number as the mobile terminal under control of a base station to which the other mobile terminal belongs, with location registration information corresponding to the last location registration made in the system; and a unit for detecting the existence of two or more mobile terminals having the same phone number based on a result of the comparison.

Patent document 1: Japanese Patent Application Publication No. 2000-31922

Patent document 2: Japanese Patent Application Publication No. 2002-281013

Patent document 3: Japanese Patent Application Publication No. 2000-184447

DISCLOSURE OF THE INVENTION Problems the Invention is going to Solve

However, given that a recording device or a playback device for recording or playing back content does not perform mobile communication like the above mobile communication system, it is not practical to apply the technique disclosed in patent document 3.

In view of this, the present invention aims to provide an unauthorized device detection device, an unauthorized device detection system, an unauthorized device detection method, and a computer program for unauthorized device detection that can find and specify an unauthorized device altered or manufactured by copying.

Means of Solving the Problems

The stated aim can be achieved by a detection device for detecting an unauthorized device manufactured by copying, including: a media number storage unit operable to store a total media number corresponding to a device identifier, the total media number being a total number of rewritable portable media used by one or more devices, including a target device, that hold the device identifier; a comparison unit operable to compare the total media number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total media number is greater than the threshold value.

EFFECTS OF THE INVENTION

According to this configuration, a device that is likely to be an unauthorized device manufactured by copying can be detected based on the number of portable media used by unauthorized devices.

Here, the detection device may further include: a calculation unit that includes: an acquisition unit operable to acquire, from a rewritable portable medium used by the target device, a media identifier for identifying the portable medium and the device identifier held by the target device; a storage unit operable to store, in correspondence with a device identifier held by each past target device, one or more media identifiers respectively for identifying one or more rewritable portable media used by the past target device; and a calculating unit operable to calculate, using the stored device identifier and one or more media identifiers and the acquired device identifier and media identifier, a total number of media identifiers corresponding to a same device identifier as the acquired device identifier, as the total media number, and write the calculated total media number to the media number storage unit.

According to this configuration, the total media number can be calculated reliably.

Here, the comparison unit may further compare the total media number with a warning value that is smaller than the threshold value, wherein the identifier storage unit further stores the device identifier if the total media number is no greater than the threshold value but is greater than the warning value.

According to this configuration, a device that is likely to be either an unauthorized device or a device that requires a warning can be detected.

Here, the target device may be a playback device for decrypting encrypted content and playing back the decrypted content, wherein the detection device further includes: a prohibition unit operable to prohibit to output a decryption key used for decrypting the encrypted content to the portable medium, if the total media number is greater than the threshold value; and an output unit operable to output the decryption key to the portable medium, if the total media number is no greater than the threshold value.

According to this configuration, when a device is presumed to be an unauthorized device, the output of the decryption key is prohibited so as to protect the content from unauthorized use.

Here, the detection device for detecting an unauthorized device manufactured by copying may include: a series number storage unit operable to store a total series number corresponding to a device identifier, the total series number being a total number of viewing history series of content viewed by one or more devices, including a target device, that hold the device identifier; a comparison unit operable to compare the total series number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total series number is greater than the threshold value.

According to this configuration, a device that is likely to be an unauthorized device manufactured by copying can be detected based on the number of viewing history series of content viewed by the device.

Here, the detection device for detecting an unauthorized device manufactured by copying may include: a storage unit operable to store, in correspondence with a device identifier held by each past target device, one or more content identifiers respectively for identifying one or more sets of content viewed by the past target device; an acquisition unit operable to acquire, from a rewritable portable medium used by a target device, one or more content identifiers respectively for identifying one or more sets of content viewed by the target device and a device identifier held by the target device; an extraction unit operable to extract one or more content identifiers corresponding to a same device identifier as the acquired device identifier, from the storage unit; a comparison unit operable to compare the extracted one or more content identifiers and the acquired one or more content identifiers; and a registration unit operable to register the acquired device identifier to an unauthorized device list, if none of the extracted one or more content identifiers matches any of the acquired one or more content identifiers.

According to this configuration, a device that is likely to be an unauthorized device manufactured by copying can be detected based on content viewed by the device.

Here, the storage unit may further store, in a one-to-one correspondence with the one or more content identifiers, one or more viewing ordinal numbers representing an order in which the one or more sets of content identified by the one or more content identifiers were viewed by the past target device, wherein the acquisition unit further acquires, in a one-to-one correspondence with the one or more content identifiers, one or more viewing ordinal numbers representing an order in which the one or more sets of content identified by the one or more content identifiers were viewed by the target device, the extraction unit further extracts one or more viewing ordinal numbers corresponding to the one or more content identifiers that correspond to the same device identifier as the acquired device identifier, from the storage unit, the comparison unit further compares the extracted one or more viewing ordinal numbers and the acquired one or more viewing ordinal numbers, and the registration unit further registers the acquired device identifier to the unauthorized device list, if the extracted one or more content identifiers match the acquired one or more content identifiers but a viewing ordinal number corresponding to one of the extracted one or more content identifiers is different from a viewing ordinal number corresponding to a matching one of the acquired one or more content identifiers.

According to this configuration, a device that is likely to be an unauthorized device manufactured by copying can be detected more precisely based on the content viewing order.

Here, the target device may be a playback device for decrypting encrypted content and playing back the decrypted content, wherein the detection device further includes: a prohibition unit operable to prohibit to output a decryption key used for decrypting the encrypted content to the portable medium, if none of the extracted one or more content identifiers matches any of the acquired one or more content identifiers; and an output unit operable to output the decryption key to the portable medium, if any of the extracted one or more content identifiers matches any of the acquired one or more content identifiers.

According to this configuration, when a device is presumed to be an unauthorized device, the output of the decryption key is prohibited to protect the content from unauthorized use.

Generally, the number of unauthorized devices is on the order of 1,000 or 10,000, whereas the number of portable media possessed by one user is 100 at most. This being so, the threshold value can be set at 100 as one example. Even when a user possesses a plurality of portable media, the number of media IDs corresponding to that user, counted based on a device ID of his/her device, should not exceed this threshold of 100. However, if there are 1,000 unauthorized devices having the same device ID, the number of media IDs counted based on the device ID will exceed 1,000, because a portable medium possessed by a user of each unauthorized device has a different media ID. Accordingly, when the threshold value of 100 is exceeded, that device ID can be judged as being used by unauthorized devices.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a system configuration diagram showing a configuration of an unauthorized device detection system 1.

FIG. 2 is a block diagram showing a configuration of a management server device 100.

FIG. 3 is a data structure diagram showing a data structure of a management table 120.

FIG. 4 is a data structure diagram showing a data structure of a device key list 130.

FIG. 5 is a data structure diagram showing a data structure of a content key list 140.

FIG. 6 is a data structure diagram showing a data structure of an advisory device list 150.

FIG. 7 is a data structure diagram showing a data structure of a warning device list 160.

FIG. 8 is a data structure diagram showing a data structure of an unauthorized device list 170.

FIG. 9 is a table showing patterns of control by a control unit 102.

FIG. 10 is a block diagram showing a configuration of a memory card 200.

FIG. 11 is a block diagram showing a configuration of a register device 300.

FIG. 12 is a block diagram showing a configuration of a DVD player 400.

FIG. 13 is a flowchart showing an operation of acquiring a device ID from a memory card 200 a by the DVD player 400.

FIG. 14 is a flowchart showing an operation of acquiring an encrypted content key from the management server device 100 by the register device 300, continuing to FIG. 15.

FIG. 15 is a flowchart showing the operation of acquiring the encrypted content key from the management server device 100 by the register device 300, continuing to FIG. 16.

FIG. 16 is a flowchart showing the operation of acquiring the encrypted content key from the management server device 100 by the register device 300, continuing to FIG. 17.

FIG. 17 is a flowchart showing the operation of acquiring the encrypted content key from the management server device 100 by the register device 300, continuing from FIG. 16.

FIG. 18 is a flowchart showing an operation of decrypting and playing back encrypted content by the DVD player 400, continuing to FIG. 19.

FIG. 19 is a flowchart showing the operation of decrypting and playing back the encrypted content by the DVD player 400, continuing from FIG. 18.

FIG. 20 is a block diagram showing a configuration of a memory card 200 e as a modification.

FIG. 21 is a data structure diagram showing a data structure of a server history information list 120 e held by the management server device 100 as a modification.

FIG. 22 is a flowchart showing an operation of the DVD player when playing back content as a modification.

FIG. 23 is a flowchart showing an operation of each device when purchasing a DVD as a modification, continuing to FIG. 24.

FIG. 24 is a flowchart showing the operation of each device when purchasing the DVD as the modification, continuing from FIG. 23.

FIG. 25 shows a first example of comparison between group α and group β.

FIG. 26 shows a second example of comparison between group α and group β.

FIG. 27 shows a third example of comparison between group α and group β.

FIG. 28 is a data structure diagram showing a data structure of a user history information list 231 f held by the memory card 200 e as a modification.

FIG. 29 is a data structure diagram showing a data structure of a server history information list 120 f held by the management server device 100 as a modification.

FIG. 30 is a flowchart showing an operation of the management server device 100 when purchasing a DVD.

FIG. 31 shows a first example of comparison between group α and group β.

FIG. 32 shows a second example of comparison between group α and group β.

FIG. 33 is a flowchart showing an operation of the management server device 100 when purchasing a DVD as a modification.

FIG. 34 is a data structure diagram showing a data structure of an extracted server history information group 621.

BEST MODE FOR CARRYING OUT THE INVENTION

1. Unauthorized Device Detection System 1

The following describes an unauthorized device detection system 1 as one embodiment of the present invention.

1.1. Overview of the Unauthorized Device Detection System 1

The unauthorized device detection system 1 includes a management server device 100, a register device 300, and DVD players 400 a, . . . , 400 b, 400 c, . . . , 400 d, as shown in FIG. 1. The management server device 100 and the register device 300 are connected to each other via an internet 10.

The DVD players 400 a, . . . , 400 b are authorized players manufactured by an authorized manufacturer, and each hold a device ID for uniquely identifying the DVD player itself. For example, a total number of the DVD players 400 a, . . . , 400 b is 10,000.

Meanwhile, the DVD players 400 c, . . . , 400 d are players manufactured by an unauthorized manufacturer copying the DVD player 400 b, and each hold a same device ID as the one for uniquely identifying the DVD player 400 b. For example, a total number of the DVD players 400 c, 400 d is 10,000.

Before a user of the DVD player 400 a purchases a new DVD, the user loads a memory card 200 a to the DVD player 400 a. The memory card 200 a stores a media ID for uniquely identifying the memory card 200 a itself. When the memory card 200 a is loaded, the DVD player 400 a writes the device ID stored therein onto the memory card 200 a.

Next, when purchasing the DVD, the user brings the memory card 200 a on which the device ID for identifying the DVD player 400 a is stored, to a shop. The user selects a desired DVD package 500 at the shop. The DVD package 500 contains a DVD 500 a. The user then hands the memory card 200 a and the DVD package 500 to a shop clerk who operates the register device 300. The shop clerk loads the memory card 200 a to the register device 300, and scans a barcode shown on the DVD package 500 using a barcode reader of the register device 300.

The register device 300 reads a content ID of content stored on the DVD 500 a contained in the DVD package 500, from the barcode shown on the DVD package 500. The register device 300 also reads the device ID and the media ID from the loaded memory card 200 a, and transmits the content ID and the read pair of device ID and media ID to the management server device 100 via the internet 10.

The management server device 100 stores, in correspondence with each device ID for identifying a DVD player, one or more media ID respectively for identifying one or more memory cards loaded to the DVD player and a total media ID number showing a total number of these memory cards.

Having received the content ID, the device ID, and the media ID from the register device 300 via the internet 10, the management server device 100 judges whether the received device ID is stored in the management server device 100. If the received device ID is stored, the management server device 100 further judges whether the received media ID is stored in the management server device 100. If the received media ID is not stored, the management server device 100 stores the received media ID in correspondence with the device ID, and adds the value “1” to a total media ID number corresponding to the device ID. If the received device ID is not stored, the management server device 100 stores the pair of device ID and media ID, and sets the total media ID number to “1”.

Next, the management server device 100 judges which of the following ranges the total media ID number corresponding to the received device ID belongs to: (i) no more than “100”; (ii) from “101 to “150” inclusive; (iii) from “151” to “199” inclusive; and (iv) no less than “200”.

If the total media ID number is no more than “100” (i), the management server device 100 encrypts a content key corresponding to the received content ID, and transmits the encrypted content key to the register device 300 via the internet 10 together with a device judgment level indicating that the device used by the user is not an unauthorized device.

If the total media ID number is in the range of “101” to “150” inclusive (ii), the management server device 100 registers the received device ID to an advisory device list held therein, encrypts the content key corresponding to the received content ID, and transmits the encrypted content key to the register device 300 via the internet 10 together with a device judgment level indicating that the device used by the user requires an advisory (i.e. a caution).

If the total media ID number is in the range of “151” to “199” inclusive (iii), the management server device 100 registers the received device ID to a warning device list held therein, encrypts the content key corresponding to the received content ID, and transmits the encrypted content key to the register device 300 via the internet 10 together with a device judgment level indicating that the device used by the user requires a warning.

If the total media ID number is no less than “200” (iv), the management server device 100 registers the received device ID to an unauthorized device list held therein, and transmits a device judgment level indicating that the device used by the user is an unauthorized device, to the register device 300 via the internet 10. In this case, the content key is not transmitted to the register device 300.

The register device 300 receives the device judgment level from the management server device 100 via the internet 10. The register device 300 may also receive the encrypted content key.

If the received device judgment level indicates that the DVD player used by the user is not an unauthorized device (i), the register device 300 writes the received encrypted content key to the memory card 200 a. In this case, the user pays a price of the DVD package 500 to the shop.

If the received device judgment level indicates that the device used by the user requires an advisory (ii), the register device 300 displays an advisory, and writes the received encrypted content key to the memory card 200 a. In this case, the user pays the price of the DVD package 500 to the shop.

If the received device judgment level indicates that the device used by the user requires a warning (iii), the register device 300 displays a warning, and requests the operator to input an instruction as to whether or not to approve the provision of the encrypted content key. If the instruction approves the provision, the register device 300 writes the received encrypted content key to the memory card 200 a. In this case, the user pays the price of the DVD package 500 to the shop. If the instruction does not approve the provision, the register device 300 does not provide the received encrypted content key to the user. In this case, the shop refuses to sell the DVD package 500 to the user.

If the received device judgment level indicates that the device used by the user is an unauthorized device (iv), the register device 300 displays that the device used by the user is unauthorized, and ends the processing. The register device 300 does not provide the encrypted content key to the user. In this case, the shop refuses to sell the DVD package 500 to the user.

In the above cases (i), (ii), and (iii), having purchased the DVD package 500 and returned from the shop with the memory card 200 a and the DVD package 500, the user loads the memory card 200 a to the DVD player 400 a, and loads the DVD 500 a contained in the DVD package 500 to the DVD player 400 a.

The DVD player 400 a reads the encrypted content key from the memory card 200 a, decrypts the encrypted content key to generate a decrypted content key, and decrypts the encrypted content on the DVD 500 a using the decrypted content key to generate decrypted content. The DVD player 400 a converts the decrypted content to a video signal and an audio signal, and outputs the video signal and the audio signal to a monitor 411 a.

Here, the DVD players 400 a, . . . , 400 b are 10,000 in total, and each have a different device ID. For example, when the user of each of the DVD players 400 a, . . . , 400 b has ten memory cards and has undergone the aforementioned operation for each memory card, the total media ID number stored in the management server device 100 in correspondence with each device ID is 10 at most. In such a case, the management server device 100 judges that each of the DVD players 400 a, . . . , 400 b is an authorized device.

On the other hand, the DVD players 400 c, . . . , 400 d are 10,000 in total, and have the same device ID. For example, when the user of each of the DVD players 400 c, . . . , 400 d has one memory card and has undergone the aforementioned operation for that memory card, the total media ID number stored in the management server device 100 in correspondence with this device ID is 10,000. In such a case, the management server device 100 judges that each of the DVD players 400 c, . . . , 400 d is an unauthorized device. In this way, the management server device 100 can determine whether a DVD player is authorized or unauthorized.

1.2. Configuration of the Management Server Device 100

The management server device 100 includes a communication unit 101, a control unit 102, a management table storage unit 103, a content key storage unit 104, a selection unit 105, a device key storage unit 106, an encryption unit 107, a device list storage unit 108, an input unit 110, a display unit 111, and an authentication unit 112, as shown in FIG. 2.

The management server device 100 can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored on the RAM or the hard disk unit. Functions of the management server device 100 can partly be achieved by the microprocessor operating in accordance with this computer program.

(1) Management Table Storage Unit 103, Content Key Storage Unit 104, Device Key Storage Unit 106, and Device List Storage Unit 108

The management table storage unit 103, the content key storage unit 104, the device key storage unit 106, and the device list storage unit 108 are actually constituted by one hard disk unit.

(Management Table Storage Unit 103)

The management table storage unit 103 has a management table 120, as shown in FIG. 2.

As one example, the management table 120 has an area for storing one or more sets of media ID information, as shown in FIG. 3. Normally, one set of media ID information corresponds to one authorized device (DVD player in this embodiment). If there is an unauthorized device that stores a device ID unauthorizedly, however, one set of media ID information corresponds to all devices storing the same device ID. Each set of media ID information includes a device ID, at least one media ID, and a total media ID number.

The device ID is identification information for uniquely identifying a device corresponding to the media ID information that includes the device ID. As mentioned above, however, if there is an unauthorized device that stores the device ID unauthorizedly, the device ID may be unable to uniquely identify one device.

The media ID is identification information for uniquely identifying a memory card used in a state of being loaded in the device corresponding to the media ID information that includes the media ID.

The total media ID number shows a total number of media IDs included in the media ID information that includes the total media ID number.

As shown in FIG. 3, the management table 120 is made up of media ID information 128, 129, . . . .

The media ID information 128 includes a device ID 121 “ID-A”, a media ID 122 “MID-1”, a media ID 123 “MID-5”, and a total media ID number 124 “2”. This indicates that two memory cards identified by “MID-1” and “MID-5” are loaded and used in a device (DVD player) identified by “ID-A”.

The media ID information 129 includes a device ID 125 “ID-B”, a media ID 126 “MID-2”, and a total media ID number 127 “1”. This indicates that one memory card identified by “MID-2” is loaded and used in a device (DVD player) identified by “ID-B”.

(Device Key Storage Unit 106)

The device key storage unit 106 has a device key list 130, as shown in FIG. 2.

As one example, the device key list 130 is made up of one or more sets of device key information as shown in FIG. 4. One set of device key information corresponds to one device (DVD player in this embodiment), and includes a device ID and a device key. However, if there is an unauthorized device, the correspondence relation between device key information and a device is as explained above.

The device ID is identification information for uniquely identifying a device corresponding to the device key information that includes the device ID.

The device key is key information assigned to the device corresponding to the device key information that includes the device key. For example, the device key is 128 bits long.

As shown in FIG. 4, the device key list 130 is made up of device key information 133, 134, . . . . The device key information 133 includes a device ID 131 “ID-A” and a device key 132 “DK-A”. This indicates that a device key assigned to a device (DVD player) identified by “ID-A” is “DK-A”.

(Content Key Storage Unit 104)

The content key storage unit 104 has a content key list 140, as shown in FIG. 2.

As one example, the content key list 140 is made up of one or more sets of content key information 143, 144, 145, . . . as shown in FIG. 5. Each set of content key information corresponds to one set of content, and includes a content ID and a content key. For instance, the content key information 143 includes a content ID 141 “C001” and a content key 142 “CK-1”.

The content ID is identification information for uniquely identifying content corresponding to the content key information that includes the content ID.

The content key is key information assigned to the content corresponding to the content key information that includes the content key.

(Device List Storage Unit 108)

The device list storage unit 108 includes an advisory device list 150, a warning device list 160, and an unauthorized device list 170, as shown in FIG. 2.

The advisory device list 150 has an area for storing one or more advisory device IDs as shown in FIG. 6, as one example. An advisory device ID is identification information for uniquely identifying a device that is judged as requiring an advisory, as mentioned above.

As shown in FIG. 6, the advisory device list 150 includes an advisory device ID 151 “ID-X005”, an advisory device ID 152 “ID-Y007”, an advisory device ID 153 “ID-Z009”, . . . . This indicates that devices (DVD players) identified by “ID-X005”, “ID-Y007”, and “ID-Z009” require an advisory.

The warning device list 160 has an area for storing one or more warning device IDs as shown in FIG. 7, as one example. A warning device ID is identification information for uniquely identifying a device that is judged as requiring a warning, as mentioned above.

As shown in FIG. 7, the warning device list 160 includes a warning device ID 161 “ID-X003”, a warning device ID 162 “ID-Y004”, a warning device ID 163 “ID-Z004”, . . . . This indicates that devices (DVD players) identified by “ID-X003”, “ID-Y004”, and “ID-Z004” require a warning.

The unauthorized device list 170 has an area for storing one or more unauthorized device IDs as shown in FIG. 8, as one example. An unauthorized device ID is identification information for uniquely identifying a device that is judged as being unauthorized, as mentioned above.

As shown in FIG. 8, the unauthorized device list 170 includes an unauthorized device ID 171 “ID-X001”, an unauthorized device ID 172 “ID-Y002”, an unauthorized device ID 173 “ID-Z005”, . . . . This indicates that devices (DVD players) identified by “ID-X001”, “ID-Y002”, and “ID-Z005” are unauthorized.

(2) Control Unit 102

(Mutual Device Authentication with the Register Device 300)

The control unit 102 receives a connection request from the register device 300 via the internet 10 and the communication unit 101. Upon receiving the connection request, the control unit 102 instructs the authentication unit 112 to perform mutual device authentication with the register device 300.

Subsequently, the control unit 102 receives authentication result information indicating a result of the mutual device authentication from the authentication unit 112. If the received authentication result information indicates mutual device authentication failure, the control unit 102 ends the processing. If the received authentication result information indicates mutual device authentication success, the control unit 102 performs the following processing.

(Transmission of a Content Key)

The control unit 102 receives a content key request, a content ID, a device ID, and a media ID from the register device 300 via the internet 10 and the communication unit 101.

Having received the content key request, the content ID, the device ID, and the media ID, the control unit 102 searches the management table 120 for the same device ID as the received device ID. If the same device ID is not found in the management table 120, the control unit 102 sets a total media ID number to “1”, and writes the received device ID and media ID and the total media ID number to the management table 120 as media ID information.

If the same device ID is found in the management table 120, the control unit 102 extracts media ID information that includes the same device ID from the management table 120, and judges whether the extracted media ID information includes the same media ID as the received media ID. If the extracted media ID information does not include the same media ID, the control unit 102 adds “1” to a total media ID number in the extracted media ID information, and writes the received media ID to the extracted media ID information. The control unit 102 then writes the media ID information to which the media ID has been added, to the management table 120 over the corresponding old media ID information.

If the extracted media ID information includes the same media ID as the received media ID, the control unit 102 does not update the extracted media ID information.

Next, the control unit 102 judges which of the following ranges the total media ID number belongs to: (i) no more than “100”; (ii) from “101” to “150” inclusive; (iii) from “151” to “199” inclusive; and (iv) no less than “200”.

Each of the above four cases is explained below. In FIG. 9, a table 180 shows a general outline of processing by the control unit 102 for each of the four cases respectively in fields 181, 182, 183, and 184.

When the total media ID number is no more than “100” (i) or when the same device ID as the received device ID cannot be found in the management table 120 in the above operation, the control unit 102 sets the device judgment level to “0” indicating that the device used by the user is not an unauthorized device. The control unit 102 transmits the device judgment level set to “0”, to the register device 300 via the communication unit 101 and the internet 10. The control unit 102 also outputs the received content ID to the selection unit 105, and instructs the selection unit 105 to select a content key. The control unit 102 further outputs the received device ID to the encryption unit 107, and instructs the encryption unit 107 to encrypt the content key (field 189).

When the total media ID number is in the range of “101” to “150” inclusive (ii), the control unit 102 sets the device judgment level to “1” indicating that the device used by the user requires an advisory. The control unit 102 transmits the device judgment level set to “1”, to the register device 300 via the communication unit 101 and the internet 10. The control unit 102 also adds the received device ID to the advisory device list 150 (field 194). The control unit 102 outputs the received content ID to the selection unit 105, and instructs the selection unit 105 to select the content key. The control unit 102 also outputs the received device ID to the encryption unit 107, and instructs the encryption unit 107 to encrypt the content key (field 190).

When the total media ID number is in the range of “151” to “199” inclusive (iii), the control unit 102 sets the device judgment level to “2” indicating that the device used by the user requires a warning. The control unit 102 transmits the device judgment level set to “2”, to the register device 300 via the communication unit 101 and the internet 10. The control unit 102 also adds the received device ID to the warning device list 160 (field 195). Further, the control unit 102 receives an instruction as to whether or not to approve the provision of the content key to the user, from the register device 300 via the internet 10 and the communication unit 101. If the received instruction does not approve the provision, the control unit 102 ends the processing. If the received instruction approves the provision, the control unit 102 outputs the received content ID to the selection unit 105, and instructs the selection unit 105 to select the content key. The control unit 102 also outputs the received device ID to the encryption unit 107, and instructs the encryption unit 107 to encrypt the content key (field 191).

When the total media ID number is no less than “200” (iv), the control unit 102 sets the device judgment level to “3” indicating that the device used by the user is an unauthorized device. The control unit 102 adds the received device ID to the unauthorized device list 170 (field 196). The control unit 102 also transmits the device judgment level set to “3”, to the register device 300 via the communication unit 101 and the internet 10. The control unit 102 then ends the processing (field 192).

(3) Selection Unit 105

The selection unit 105 receives the content ID and the content key selection instruction from the control unit 102. Upon receiving the content ID and the content key selection instruction, the selection unit 105 reads content key information that includes the same content ID as the received content ID from the content key list 140, extracts a content key from the read content key information, and outputs the extracted content key to the encryption unit 107.

(4) Encryption Unit 107

The encryption unit 107 receives the device ID and the content key encryption instruction from the control unit 102, and receives the content key from the selection unit 105. The encryption unit 107 reads device key information that includes the same device ID as the received device ID from the device key list 130, and extracts a device key from the read device key information.

The encryption unit 107 applies encryption algorithm E1 to the received content key using the extracted device key, to generate an encrypted content key: (encrypted content key)=E1((device key), (content key))

where A=E (B, C) denotes cipher text A generated by applying encryption algorithm E to plain text C using key B.

Encryption algorithm E1 used here is an AES (Advanced Encryption Standard) algorithm, as one example.

The encryption unit 107 transmits the generated encrypted content key to the register device 300 via the communication unit 101 and the internet 10.

In FIG. 2, each block representing a different one of the configuration units of the management server device 100 is connected to other blocks by connecting lines, though some connecting lines are omitted in FIG. 2. Here, each connecting line indicates a path through which a signal or information is transmitted. Among a plurality of connecting lines connected to the block representing the encryption unit 107, a connecting line marked with a key symbol indicates a path through which key information is transmitted to the encryption unit 107. The same applies to other drawings.

(5) Input Unit 110 and Display Unit 111

The input unit 110 receives an input of various information or an input of various instructions from an operator of the management server device 100, and outputs the received information or instructions to the control unit 102.

The display unit 111 displays various information in accordance with instructions from the control unit 102.

(6) Authentication Unit 112

The authentication unit 112 performs challenge-response mutual device authentication with the register device 300 via the communication unit 101 and the internet 10, according to an instruction from the control unit 102. In the mutual device authentication, the authentication unit 112 authenticates the register device 300, and is subject to the authentication by the register device 300.

Since the aforementioned mutual device authentication is well known in the art, its detailed explanation has been omitted here.

When the mutual device authentication results in success or failure, the authentication unit 112 outputs authentication result information indicating the success or failure to the control unit 102.

(7) Communication Unit 101

The communication unit 101 conducts transmission/reception of various information between the register device 300 and the control unit 102. Also, the communication unit 101 conducts transmission/reception of various information between the register device 300 and the authentication unit 112.

1.3. Configuration of the Memory Card 200

The memory card 200 includes an input/output unit 201, an authentication unit 202, and a storage unit 203, as shown in FIG. 10.

The memory card 200 can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, and the like. A computer program is stored on the RAM. Functions of the memory card 200 can partly be achieved by the microprocessor operating in accordance with this computer program.

The following describes each element that constitutes the memory card 200.

(1) Storage Unit 203

The storage unit 203 has a media ID area 204 and a general area 205, as shown in FIG. 10.

The media ID area 204 stores a media ID 211, as shown in FIG. 10. The media ID 211 is identification information for uniquely identifying the memory card 200.

The general area 205 has an encrypted content key list 221, as shown in FIG. 10. As illustrated, the encrypted content key list 221 has an area for storing one or more sets of encrypted content key information.

Each set of encrypted content key information includes one device ID and at least one pair of content ID and encrypted content key. One set of encrypted content key information corresponds to one device (DVD player in this embodiment), and one pair of content ID and encrypted content key corresponds to one set of content. If there is an unauthorized device that stores the device ID unauthorizedly, however, one set of encrypted content key information corresponds to all devices storing the same device ID.

The device ID is identification information for uniquely identifying a device (DVD player in this embodiment). As mentioned above, however, if there is an unauthorized device that stores the device ID unauthorizedly, the device ID may be unable to uniquely identify one device.

The content ID is identification information for uniquely identifying content corresponding to the pair that includes the content ID.

The encrypted content key is generated by encrypting a content key, which is used when encrypting the content corresponding to the pair that includes the encrypted content key, using a device key assigned to the corresponding device.

In FIG. 10, encrypted content key information 236 includes a device ID 231 “ID-A”, a pair 237 of a content ID 232 “C001” and an encrypted content key 234 “E1 (DK-A, CK-1)”, and a pair 238 of a content ID 233 “C002” and an encrypted content key 238 “E1(DK-A, CK-2)”.

The encrypted content key 234 “E1(DK-A, CK-1)” in the pair 237 is generated by encrypting a content key “CK-1” assigned to content identified by the content ID 232 “C001”, using a device key “DK-A” assigned to a DVD player identified by the device ID 231 “ID-A”.

Meanwhile, the encrypted content key 235 “E1(DK-A, CK-2)” in the pair 238 is generated by encrypting a content key “CK-2” assigned to content identified by the content ID 233 “C002”, using the device key “DK-A” assigned to the DVD player identified by the device ID 231 “ID-A”.

(2) Input/Output Unit 201

The input/output unit 201 reads information from the media ID area 204 or the general area 205 in the storage unit 203, and outputs the read information to an external device in which the memory device 200 is loaded. Also, the input/output unit 201 receives information from the external device, and writes the received information to the general area 205 in the storage unit 203. The external device referred to here is any of the register device 300 and the DVD players 400 a, . . . , 400 b, 400 c, . . . , 400 d.

(3) Authentication Unit 202

The authentication unit 202 performs, when the memory card 200 is loaded to an external device, mutual device authentication with the external device via the input/output unit 201. The device authentication referred to here is challenge-response device authentication. Since the challenge-response device authentication is well known in the art, its detailed explanation has been omitted here.

The external device referred to here is any of the register device 300 and the DVD-players 400 a, . . . , 400 b, 400 c, . . . , 400 d.

If the mutual device authentication with the external device results in success, the authentication unit 202 controls the input/output unit 201 to perform transmission/reception of information between the storage unit 203 and the external device. If the mutual device authentication results in failure, the authentication unit 202 controls the input/output unit 201 not to perform transmission/reception of information between the storage unit 203 and the external device.

1.4. Configuration of the Register Device 300

The register device 300 includes an authentication unit 301, an input unit 302, a display unit 303, a display unit 304, an input/output unit 305, a control unit 306, a communication unit 307, a printing unit 308, a storage 309, a barcode processing unit 310, an information storage unit 312, and an authentication unit 313, as shown in FIG. 11. A barcode reader 311 is connected to the register device 300.

The register device 300 is a cash register device for calculating sales transactions of products such as DVDs, and storing currency. Also, the register device 300 is a device for acquiring a content key assigned to content stored on a DVD from the management server device 100 and providing the content key to a user via a memory card.

The register device 300 can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, and the like. A computer program is stored on the hard disk unit. Functions of the register device 300 can partly be achieved by the microprocessor operating in accordance with this computer program.

(1) Information Storage Unit 312

The information storage unit 312 stores a price list 321, as shown in FIG. 11.

In FIG. 11, the price list 321 is made up of a plurality of sets of price information. Each set of price information corresponds to one DVD, and includes a content ID and a price.

The content ID is identification information for uniquely identifying content stored on the DVD corresponding to the price information that includes the content ID. Here, it is supposed that the DVD stores only one set of content.

The price shows a selling price of the DVD corresponding to the price information that includes the price.

(2) Authentication Unit 313

The authentication unit 313 performs, when a memory card is loaded to the register device 300, mutual device authentication with the loaded memory card via the input/output unit 305. The device authentication referred to here is challenge-response device authentication. The challenge-response device authentication is well known in the art, so that its detailed explanation has been omitted here.

When the mutual device authentication between the authentication unit 313 and the loaded memory card results in success, the authentication unit 313 outputs an authentication result indicating the device authentication success, to the control unit 306. When the mutual device authentication results in failure, on the other hand, the authentication unit 313 outputs an authentication result indicating the device authentication failure, to the control unit 306.

When the mutual device authentication results in failure, the register device 300 does not perform subsequent transmission/reception of information with the memory card.

(3) Authentication Unit 301

The authentication unit 301 performs mutual device authentication with the management server device 100 via the communication unit 307. The device authentication referred to here is challenge-response device authentication. The challenge-response device authentication is well known in the art, so that its detailed explanation has been omitted here.

When the mutual device authentication between the authentication unit 301 and the management server device 100 results in success, the authentication unit 301 outputs an authentication result indicating the device authentication success, to the control unit 306. When the mutual device authentication results in failure, on the other hand, the authentication unit 301 outputs an authentication result indicating the device authentication failure, to the control unit 306.

When the device authentication results in failure, the register device 300 does not perform subsequent transmission/reception of information with the management server device 100.

(4) Input/Output Unit 305

The input/output unit 305 performs bidirectional transmission/reception of information between the control unit 306 and the loaded memory card under control of the control unit 306, and between the authentication unit 313 and the loaded memory card under control of the authentication unit 313.

(5) Barcode Reader 311 and Barcode Processing Unit 310

The barcode reader 311 optically reads a barcode printed on a surface of the DVD package 500, generates corresponding read information, and outputs the generated read information to the barcode processing unit 310.

The barcode processing unit 310 receives the read information from the barcode reader 311, generates a content ID from the received read information, and outputs the generated content ID to the control unit 306.

(6) Control Unit 306

(Connection with the Management Server Device 100)

The control unit 306 transmits a connection request to the management server device 100 via the communication unit 307 and the internet 10. The control unit 306 then instructs the authentication unit 301 to perform mutual device authentication with the management server device 100.

Upon receiving an authentication result indicating device authentication failure from the authentication unit 301, the control unit 306 ends the processing.

(Acquisition of a Content ID)

Upon receiving an authentication result indicating device authentication success from the authentication unit 301, the control unit 306 receives the content ID from the barcode processing unit 310, and reads price information that includes the same content ID as the received content ID from the price list 321. The control unit 306 extracts a price from the read price information, outputs the received content ID and the extracted price to the display units 303 and 304, and instructs the display units 303 and 304 to display them.

(Connection with a Memory Card)

The control unit 306 receives loading information indicating the loading of the memory card 200 a, from the input/output unit 305. Having received the loading information, the control unit 306 instructs the authentication unit 313 to perform mutual device authentication with the loaded memory card 200 a. Upon receiving an authentication result indicating device authentication failure from the authentication unit 313, the control unit 306 ends the processing.

Upon receiving an authentication result indicating device authentication success from the authentication unit 313, the control unit 306 outputs a read instruction to read a media ID and a device ID stored on the memory card 200 a, to the memory card 200 a via the input/output unit 305. The control unit 306 receives a read result via the input/output unit 305. The read result includes a media ID, and at least one device ID or device ID absence information “NO” indicating that no device ID is stored.

When receiving the device ID absence information “NO”, the control unit 306 outputs a message indicating that no device ID is stored on the memory card 200 a to the display units 303 and 304, instructs the display units 303 and 304 to display the message, and ends the processing.

When receiving a plurality of device IDs, the control unit 306 outputs the plurality of device IDs to the display units 303 and 304, and instructs the display units 303 and 304 to display the plurality of device IDs. The control unit 306 then receives designation of one device ID selected from the plurality of device IDs by the user.

When receiving one device ID, the control unit 306 uses that device ID.

(Acquisition of a Content Key from the Management Server Device 100)

Next, the control unit 306 transmits request information for requesting a content key, to the management server device 100 via the communication unit 307. The control unit 306 also transmits the received content ID, the received media ID, and the received device ID to the management server device 100 via the communication unit 307.

Subsequently, the control unit 306 receives a device judgment level from the management server device 100 via the communication unit 307. The control unit 306 may also receive an encrypted content key. In detail, the control unit 306 receives the encrypted content key when the received device judgment level is any of “0”, “1”, and “2”. If the received device judgment level is “3”, the control unit 306 does not receive the encrypted content key.

The control unit 306 judges which of “0”, “1”, “2”, and “3” the received device judgment level is.

If the received device judgment level is “0”, the control unit 306 outputs a message indicating that the provision of the encrypted content key to the user is permitted, to the display units 303 and 304, and instructs the display units 303 and 304 to display the message. The control unit 306 also outputs the device ID and the content ID to the memory card 200 a via the input/output unit 305, and outputs the encrypted content key to the memory card 200 a via the input/output unit 305.

If the received device judgment level is “1”, the control unit 306 outputs a message indicating an advisory to the operator of the register device 300, to the display units 303 and 304, and instructs the display units 303 and 304 to display the message. Also, as in the case where the device judgment level is “0”, the control unit 306 outputs the device ID, the content ID, and the encrypted content key to the memory card 200 a via the input/output unit 305.

If the received device judgment level is “2”, the control unit 306 outputs a message indicating a warning to the operator of the register device 300, to the display units 303 and 304, and instructs the display units 303 and 304 to display the message. The control unit 306 also receives an instruction as to whether or not to approve the provision of the encrypted content key to the user, from the operator of the register device 300 via the input unit 302. If the instruction does not approve the provision, the control unit 306 ends the processing. That is, the control unit 306 does not output the device ID, the content ID, and the encrypted content key to the memory card 200 a. If the instruction approves the provision, on the other hand, the control unit 306 outputs the device ID, the content ID, and the encrypted content key to the memory card 200 a via the input/output unit 305, as in the case where the device judgment level is “0”.

If the received device judgment level is “3”, the control unit 306 outputs a message indicating that the provision of the encrypted content key to the user is prohibited, to the display units 303 and 304, and instructs the display units 303 and 304 to display the message. The control unit 306 then ends the processing. That is, the control unit 306 does not output the encrypted content key to the memory card 200 a.

(7) Input Unit 302, Display Unit 303, Display Unit 304, Printing Unit 308, Storage 309

The input unit 302 receives an input of information or an instruction from the operator of the register device 300, and outputs the received information or instruction to the control unit 306. The display units 303 and 304 receive information to be displayed from the control unit 306, and displays the received information.

The printing unit 308 prints various information under control of the control unit 306.

The storage 309 stores notes and coins.

(8) Communication Unit 307

The communication unit 307 is connected to the management server device 100 via the internet 10. The communication unit 307 performs transmission/reception of information between the control unit 306 and the management server device 100, and transmission/reception of information between the authentication unit 301 and the management server device 100.

1.5. Configuration of the DVD Players 400 a, . . . , 400 b, 400 c, . . . , 400 d

The DVD players 400 a, . . . , 400 b, 400 c, . . . , 400 d have a same configuration. The following describes the configuration of the DVD player 400 as a representative of these DVD players.

The DVD player 400 includes a device ID storage unit 401, an input/output unit 402, a device key storage unit 403, a decryption unit 404, a read unit 405, a decryption unit 406, a playback unit 407, a display unit 408, an input unit 409, a control unit 410, and an authentication unit 411, as shown in FIG. 12. A monitor equipped with a speaker is connected to the DVD player 400.

The DVD player 400 can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, and the like. A computer program is stored on the ROM. Functions of the DVD player 400 can partly be achieved by the microprocessor operating in accordance with this computer program.

(1) Device ID Storage Unit 401 and Device Key Storage Unit 403

The device ID storage unit 401 is made inaccessible from outside. As shown in FIG. 12, the device ID storage unit 401 stores a device ID 421 in advance. The device ID 421 is identification information for uniquely identifying the DVD player 400. However, if the DVD player 400 is an unauthorized device, the device ID 421 may be unable to uniquely identify the DVD player 400.

The device key storage unit 403 is made inaccessible from outside. As shown in FIG. 12, the device key storage unit 403 stores a device key 422 in advance.

The device key 422 is key information assigned to the DVD player 400.

(2) Read Unit 405

The read unit 405 reads information from a DVD loaded in the DVD player 400 and outputs the read information to the control unit 410 or the decryption unit 406, under control of the control unit 410.

(3) Input/Output Unit 402

The input/output unit 402 detects, when a memory card is loaded to the DVD player 400, the loading of the memory card and outputs detection information indicating the loading detection to the control unit 410.

Also, the input/output unit 402 performs bidirectional transmission/reception of information between the control unit 410 and the memory card loaded in the DVD player 400 under control of the control unit 410, and between the authentication unit 411 and the memory card loaded in the DVD player 400 under control of the authentication unit 411.

(4) Authentication Unit 411

The authentication unit 411 performs, when the memory card is loaded to the DVD player 400, mutual device authentication with the loaded memory card via the input/output unit 402. The device authentication referred to here is challenge-response device authentication. Since the challenge-response device authentication is well known in the art, its detailed explanation has been omitted here.

When the mutual device authentication between the authentication unit 411 and the memory card results in success, the authentication unit 411 outputs an authentication result indicating the device authentication success to the control unit 41 b. When the mutual device authentication results in failure, on the other hand, the authentication unit 411 outputs an authentication result indicating the device authentication failure to the control unit 410.

When the mutual device authentication results in failure, the DVD player 400 does not perform subsequent transmission/reception of information with the memory card.

(5) Decryption Unit 404

The decryption unit 404, according to an instruction by the control unit 410, reads the device key 422 from the device key storage unit 403 and receives an encrypted content key from the input/output unit 402. The decryption unit 404 applies decryption algorithm D1 to the encrypted content key using the read device key to generate a playback content key, and outputs the generated playback content key to the decryption unit 406. Here, AES is used as decryption algorithm D1.

(6) Decryption Unit 406

The decryption unit 406 receives the playback content key from the decryption unit 404, and reads encrypted content from the DVD via the read unit 405. The decryption unit 406 applies decryption algorithm D2 to the encrypted content using the received playback content key, to generate playback content. Here, AES is used as decryption algorithm D2. The decryption unit 406 outputs the generated playback content to the playback unit 407.

(7) Playback Unit 407, Monitor, and Speaker

The playback unit 407 receives the playback content from the decryption unit 406, and separates the received playback content into compressed video information and compressed audio information. The playback unit 407 decodes the compressed video information to generate video information, and converts the video information to an analog video signal. The playback unit 407 also decodes the compressed audio information to generate audio information, and converts the audio information to an analog audio signal. The playback unit 407 outputs the generated video signal to the monitor, and the generated audio signal to the speaker provided with the monitor.

The monitor receives the video signal and displays video. The speaker provided with the monitor receives the audio signal and outputs audio.

(7) Control Unit 410

(Detection of a Memory Card)

The control unit 410 receives the detection information indicating the detection of the loading of the memory card, from the input/output unit 402.

Upon receiving the detection information, the control unit 410 instructs the authentication unit 411 to perform mutual device authentication with the loaded memory card. The control unit 410 then receives an authentication result from the authentication unit 411. If the received authentication result indicates device authentication failure, the control unit 410 outputs a message indicating this to the display unit 408, and instructs the display unit 408 to display the message. The control unit 410 then ends the processing.

If the received authentication result indicates device authentication success, the control unit 410 reads the device ID 421 from the device ID storage unit 401, outputs a read instruction to read a device ID stored on the loaded memory card to the input/output unit 402, and instructs the input/output unit 402 to read the device ID.

The control unit 410 receives a read result from the loaded memory card via the input/output unit 402. The received read result is either at least one device ID or absence information indicating that no device ID is stored on the memory card.

When the received read result is the absence information, or when the received read result is at least one device ID that does not include the read device ID 421, the control unit 410 outputs the read device ID 421 to the loaded memory card via the input/output unit 402, and instructs the input/output unit 402 to write the device ID 421 to the memory card.

(Playback of Content)

The control unit 410 receives an instruction to play back the encrypted content stored on the DVD, from the user of the DVD player 400 via the input unit 409. Upon receiving the instruction, the control unit 410 reads the content ID from the DVD via the read unit 405, outputs the content ID and its own device ID to the input/output unit 402, and instructs the input/output unit 402 to read a content key that corresponds to both the content ID and its own device ID from the memory card.

Subsequently, the control unit 410 receives a read result from the memory card via the input/output unit 402. Here, the read result is either one encrypted content key or absence information “NO” indicating that there is no corresponding encrypted content key.

When the read result is the absence information “NO”, the control unit 410 outputs a message indicating this to the display unit 408, and instructs the display unit 408 to display the message.

When the read result is the encrypted content key, the control unit 410 instructs the decryption unit 404 to decrypt the encrypted content key, instructs the decryption unit 406 to decrypt the encrypted content, and instructs the playback unit 407 to play back the playback content and outputs it to the monitor.

(8) Display Unit 408 and Input Unit 409

The display unit 408 displays a message designated by an instruction from the control unit 410.

The input unit 409 receives an instruction from the user of the DVD player 400, and outputs the received instruction to the control unit 410.

1.6. Operations of the Unauthorized Device Detection System 1

Operations of the unauthorized device detection system 1 are described below.

(1) Operation of Acquiring a Device ID from the Memory Card 200 a by the DVD Player 400

An operation of acquiring a device ID from the memory card 200 a by the DVD player 400 is described below, with reference to a flowchart of FIG. 13.

Upon receiving detection information indicating detection of loading of a memory card from the input/output unit 402 (step S101: YES), the control unit 410 in the DVD player 400 instructs the authentication unit 411 to perform mutual device authentication with the loaded memory card (step S102). If an authentication result received from the authentication unit 411 indicates device authentication failure (step S103: NO), the control unit 410 outputs a message indicating this to the display unit 408, and instructs the display unit 408 to display the message (step S105). The control unit 410 then ends the processing.

If the received authentication result indicates device authentication success (step S103: YES), the control unit 410 reads the device ID 421 from the device ID storage unit 401 (step S106), and outputs a read instruction to read a device ID stored on the loaded memory card to the input/output unit 402 (step S107).

The input/output unit 201 in the memory card 200 attempts to read a device ID from the encrypted content key list 221 in the general area 205 (step S108), and outputs a read result to the DVD player 400. The control unit 410 receives the read result from the loaded memory card via the input/output unit 402 (step S109).

If the received read result is absence information, or if the received read result is at least one device ID that does not include the read device ID 421 (step S110: YES), the control unit 410 outputs the read device ID 421 to the loaded memory card via the input/output unit 402 (step S111), and the input/output unit 201 in the memory card 200 writes the received device ID to the encrypted content key list 221 (step S112).

(2) Operation of Acquiring an Encrypted Content Key by the Register Device 300

An operation of acquiring an encrypted content key from the management server device 100 by the register device 300 is described below, with reference to flowcharts of FIGS. 14-17.

The control unit 306 in the register device 300 transmits a connection request to the management server device 100 via the communication unit 307 and the internet 10 (step S200). The control unit 306 then instructs the authentication unit 301 to perform mutual device authentication with the management server device 100 (step S201). If the control unit 306 receives an authentication result indicating device authentication failure from the authentication unit 301 (step S203: NO), the control unit 306 ends the processing. If the control unit 306 receives an authentication result indicating device authentication success from the authentication unit 301 (step S203: YES), the control unit 306 receives a content ID from the barcode processing unit 310 (step S204), reads price information that includes the same content ID as the received content ID from the price list 321, and extracts a price from the read price information. The control unit 306 outputs the received content ID and the extracted price to the display units 303 and 304, and instructs the display units 303 and 304 to display them (step S205).

Next, the control unit 306 instructs the authentication unit 313 to perform mutual device authentication with the loaded memory card 200 a (step S206). If the control unit 306 receives an authentication result indicating device authentication failure from the authentication unit 313 (step S207: NO), the control unit 306 outputs a message indicating the device authentication failure to the display units 303 and 304, and instructs the display units 303 and 304 to display the message (step S209). The control unit 306 then ends the processing.

If the control unit 306 receives an authentication result indicating device authentication success from the authentication unit 313 (step S207: YES), the control unit 306 outputs a read instruction to read a media ID and a device ID stored on, the memory card 200 a to the memory card 200 a via the input/output unit 305 (step S210).

If the input/output unit 201 in the memory card 200 receives an authentication result indicating device authentication failure from the authentication unit 202 (step S208: NO), the input/output unit 201 ends the processing.

If the input/output unit 201 receives an authentication result indicating device authentication success from the authentication unit 202 (step S208: YES), the input/output unit 201 attempts to read, a device ID from the encrypted content key list 221 in the general area 205 (step S211), and outputs a read result to the register device 300 (step S212).

The control unit 306 receives the read result via the input/output unit 305 (step S212).

If the read result is device ID absence information “NO” (step S213), the control unit 306 outputs a message indicating that no device ID is stored on the memory card 200 a to the display units 303 and 304, instructs the display units 303 and 304 to display the message (step S214), and ends the processing.

If the read result is a plurality of device IDs (step S213), the control unit 306 outputs the plurality of device IDs to the display units 303 and 304, and instructs the display units 303 and 304 to display the plurality of device IDs (step S215). The control unit 306 receives a designation of one device ID selected from the plurality of device IDs by the user (step S216).

The control unit 306 transmits request information showing a content key request to the management server device 100 via the communication unit 307 (step S231), and transmits the content ID, the device ID, and the media ID to the management server device 100 via the communication unit 307 (step S232).

The control unit 102 in the management server device 100 receives the content key request, the content ID, the device ID, and the media ID from the register device 300 via the internet 10 and the communication unit 101 (steps S231-S232), and searches the management table 120 for the same device ID as the received device ID (step S233). If the same device ID is not found in the management table 120 (step S234: NO), the control unit 102 sets a total media ID number to “1” (step S235), writes the received device ID and media ID and the total media ID number to the management table 120 as media ID information (step S236), and moves to step S252.

If the same device ID is found in the management table 120 (step S234: YES), the control unit 102 extracts media ID information that includes the same device ID from the management table 120, and judges whether the extracted media ID information includes the same media ID as the received media ID (step S237) If the same media ID is not included (step S238: NO), the control unit 102 adds the value “1” to a total media ID number in the extracted media ID information (step S239), and writes the received media ID to the extracted media ID information (step S240).

Next, the control unit 102 judges which of the following ranges the total media ID number in the extracted media ID information belongs to: (i) no more than “100”; (ii) from “101” to “150” inclusive; (iii) from “151” to “199” inclusive; and (iv) no less than “200” (step S251).

If the total media ID number is no more than “100” (i) (step S251), or if the same device ID as the received device ID is not found in the management table 120 (step S234: NO, steps S235 and S236), the control unit 102 sets a device judgment level to “0” indicating that the device used by the user is not an unauthorized device (step S252). The control unit 102 transmits the device judgment level set to “0”, to the register device 300 via the communication unit 101 and the internet 10 (step S253). The encryption unit 107 reads device key information that includes the same device ID as the received device ID from the device key list 130, and extracts a device key from the read device key information (step S265). The selection unit 105 reads content key information that includes the same content ID as the received content ID from the content key list 140, extracts a content key from the read content key information, and outputs the extracted content key to the encryption unit 107 (step S266). The encryption unit 107 applies encryption algorithm E1 to the received content key using the extracted device key to generate an encrypted content key (step S267), and transmits the encrypted content key to the register device 300 via the communication unit 101 and the internet 10 (step S268).

If the total media ID number is in the range of “101” to “150” inclusive (ii) (step S251), the control unit 102 sets the device judgment level to “1” indicating that the device used by the user requires an advisory (step S254), transmits the device judgment level set to “1” to the register device 300 via the communication unit 101 and the internet 10 (step S255), and writes the received device ID to the advisory device list 150 (step S256). The control unit 102 then moves to step S265.

If the total media ID number is in the range of “151” to “199” inclusive (step S251), the control unit 102 sets the device judgment level to “2” indicating that the device used by the user requires a warning (step S257), transmits the device judgment level set to “2” to the register device 300 via the communication unit 101 and the internet 10 (step S258), and writes the received device ID to the warning device list 160 (step S259). The control unit 102 then receives an instruction as to whether or not to approve the provision of the content key to the user, from the register device 300 via the internet 10 and the communication unit 101 (step S260) If the received instruction does not approve the provision (step S261), the control unit 102 ends the processing. If the received instruction approves the provision (step S261), the control unit 102 moves to step S265.

If the total media ID number is no less than “200” (step S251), the control unit 102 sets the device judgment level to “3” indicating that the device used by the user is an unauthorized device (step S262), transmits the device judgment level set to “3” to the register device 300 via the communication unit 101 and the internet 10 (step S263), writes the received device ID to the unauthorized device list 170 (step S264), and ends the processing.

The control unit 306 receives the device judgment level from the management server device 100 via the communication unit 307 (steps S253, S255, S258, S263). The control unit 306 may also receive the encrypted content key (step S268).

The control unit 306 judges which of “0”, “1”, “2”, and “3” the received device judgment level is (step S281).

When the received device judgment level is “0” (step S281), the control unit 306 outputs a message indicating that the provision of the encrypted content key to the user is permitted to the display units 303 and 304, and instructs the display units 303 and 304 to display the message (step S282). The control unit 306 also outputs the device ID and the content ID to the memory card 200 a via the input/output unit 305 (step S291), and further outputs the encrypted content key to the memory card 200 a via the input/output unit 305 (step S293).

When the received device judgment level is “1” (step S281), the control unit 306 outputs a message indicating an advisory to the operator of the register device 300 to the display units 303 and 304, and instructs the display units 303 and 304 to display the message (step S283). The control unit 306 then moves to step S291.

When the received device judgment level is “2” (step S281), the control unit 306 outputs a message indicating a warning to the operator of the register device 300 to the display units 303 and 304, and instructs the display units 303 and 304 to display the message (step S284). The control unit 306 receives an instruction as to whether or not to approve the provision of the encrypted content key to the user, from the operator of the register device 300 via the input unit 302 (step S285). The control unit 306 outputs the received instruction to the management server device 100 (step S260). If the received instruction does not approve the provision (step S287), the control unit 306 ends the processing. If the received instruction approves the provision (step S287), the control unit 306 moves to step S291.

When the received device judgment level is “3” (step S281), the control unit 306 outputs, to the display units 303 and 304, a message indicating that the provision of the encrypted content key to the user is prohibited to the operator of the register device 300, and instructs the display units 303 and 304 to display the message (step S288). The control unit 306 then ends the processing.

The input/output unit 201 in the memory card 200 receives the device ID and the content ID (step S291), and writes the content ID to the encrypted content key list 221 in correspondence with the device ID (step S292). The input/output unit 201 also receives the encrypted content key (step S293), and writes the encrypted content key to the encrypted content key list 221 in correspondence with the content ID (step S294).

(3) Decryption and Playback of Encrypted Content by the DVD Player 400

Decryption and playback of encrypted content by the DVD player 400 is described below, with reference to flowcharts of FIGS. 18-19.

The DVD player 400 acquires the device ID from the memory card 200 according to the procedure shown in the flowchart of FIG. 13 (step S301). The control unit 410 receives an instruction to play back encrypted content stored on the DVD, from the user of the DVD player 400 via the input unit 409 (step S302). Upon receiving the instruction, the control unit 410 reads a content ID from the DVD via the read unit 405 (step S305), and outputs the content ID and its own device ID to the input/output unit 402 (step S306). The input/output unit 201 in the memory card 200 attempts to read a content key corresponding to both the content ID and the device ID (step S307), and outputs a read result to the DVD player 400 (step S308).

The control unit 410 receives the read result from the memory card 200 via the input/output unit 402 (step S308). When the read result is absence information “NO” (step S309), the control unit 410 outputs a message indicating this to the display unit 408, instructs the display unit 408 to display the message (step S310), and ends the processing.

When the read result is an encrypted content key (step S309), in accordance with an instruction from the control unit 410, the decryption unit 404 reads the device key 422 from the device key storage unit 403 (step S311), and applies decryption algorithm D1 to the encrypted content key using the read device key to generate a playback content key (step S312).

The decryption unit 406 reads the encrypted content from the DVD via the read unit 405 (step S313), and applies decryption algorithm D2 to the encrypted content using the playback content key to generate playback content (step S314).

The playback unit 407 separates the received playback content into compressed video information and compressed audio information. The playback unit 407 decodes the compressed video information to generate video information, and converts the video information to an analog video signal. The playback unit 407 also decodes the compressed audio information to generate audio information, and converts the audio information to an analog audio signal. The monitor displays video, and the speaker provided with the monitor outputs audio (step S315).

1.7. Summary on the Unauthorized Device Detection System 1

The unauthorized device detection system 1 is based on the assumption that a large number of unauthorized DVD players that store a same device ID as a device ID for uniquely identifying an authorized DVD player are distributed in the market.

When a user of an unauthorized DVD player storing the same device ID wants to play back content, the unauthorized DVD player writes the device ID stored therein onto a memory card.

When the user purchases a new DVD, the device ID and a media ID for uniquely identifying the memory card, both of which are stored on the memory card, are collected by the management server device 100 via the register device 300.

Through the use of a plurality of pairs of collected device IDs and media IDs, the management server device 100 summarizes a total number of media IDs corresponding to one device ID, thereby calculating a total media ID number. If the total media ID number is no less than a predetermined threshold value, the management server device 100 judges that a DVD player having this device ID is an unauthorized device.

For example, the threshold value used here is “100”. This threshold value represents a maximum number of memory cards that are likely to be possessed by one user. That is, this threshold value is set on the assumption that it is not unnatural for one user to possess up to 100 memory cards.

However, suppose a large number of unauthorized DVD players, e.g. 1,000 unauthorized DVD players, are manufactured and distributed, and each user of these unauthorized DVD players possesses 100 memory cards. Since the 1,000 unauthorized DVD players store a same device ID, a total media ID number calculated for this device ID is 100×1,000=100,000. Thus, if the calculated total media ID number exceeds a reasonable number of memory cards that are likely to be possessed by one user, a DVD player having the device ID is judged as an unauthorized device.

2. Modification (1)

The following describes an unauthorized device detection system 1 e (not illustrated) as a first modification example of the unauthorized device detection system 1.

In the unauthorized device detection system 1, an unauthorized DVD player is specified by using a total media ID number. In the unauthorized device detection system 1 e, on the other hand, the following method is employed. The management server device 100 stores, in correspondence with each device ID, one or more content IDs respectively for identifying one or more sets of content played back by a DVD player identified by the device ID. The management server device 100 compares a group of one or more content IDs respectively for identifying one or more sets of content played back by a DVD player identified by a specific device ID, with a group of one or more content IDs stored in the management server device 100 in correspondence with that device ID. If either one of the two groups is a subset of the other group or the two groups completely match each other, the management server device 100 judges that the DVD player identified by the device ID is an authorized device. Otherwise, the management server device 100 judges that the DVD player identified by the device ID is an unauthorized device.

The unauthorized device detection system 1 e has a similar configuration to the unauthorized device detection system 1. The following mainly describes the difference from the unauthorized device detection system 1.

(1) Configuration of the Memory Card 200 e

In the unauthorized device detection system 1 e, a memory card 200 e shown in FIG. 20 is used instead of the memory card 200 in the unauthorized device detection system 1.

The memory card 200 e includes an input/output unit 201 e and a storage unit 203 e, as shown in FIG. 20. The memory card 200 e may further include an authentication unit 202 e (not illustrated) that is the same as the authentication unit 202 in the memory card 200.

The storage unit 203 e has a general area 205 e. The general area 205 e has a user history information list 231 e.

The user history information list 231 e has an area for storing one or more sets of user history information.

Each set of user history information includes one device ID and one content ID, and corresponds to one set of content played back by one device (DVD player in this embodiment).

The device ID is identification information for uniquely identifying a device (DVD player in this embodiment) that plays back the content corresponding to the user history information that includes the device ID. As mentioned above, however, if there is an unauthorized device storing the device ID, the device ID may be unable to uniquely identify one device. The content ID is identification information for uniquely identifying the content corresponding to the user history information that includes the content ID.

The input/output unit 201 e reads information from the general area 205 e in the storage unit 203 e, and outputs the read information to an external device in which the memory card 200 e is loaded. The input/output unit 201 e also receives information from the external device, and writes the received information to the general area 205 e in the storage unit 203 e. The external device referred to here is the register device or each DVD player.

(2) Configuration of the Management Server Device 100

The management server device 100 in the unauthorized device detection system 1 e has the same configuration as the management server device 100 in the unauthorized device detection system 1.

The management server device 100 has a server history information list 120 e shown in FIG. 21, in the management table storage unit 103.

The server history information list 120 e is made up of a plurality of sets of server history information. Each set of server history information corresponds to one set of content played back by one device (DVD player in this embodiment).

Each set of server history information includes a device ID and a content ID.

The device ID is identification information for uniquely identifying a device that plays back the content corresponding to the server history information that includes the device ID. As mentioned above, however, if there is an unauthorized device that stores the device ID, the device ID may be unable to uniquely identify one device.

The content ID is identification information for uniquely identifying the content corresponding to the server history information that includes the content ID.

The control unit 102 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10, and extracts a device ID from the received user history information list. Here, it is supposed that one device ID is extracted.

The control unit 102 extracts all sets of server history information that include the extracted device ID, from the server history information list 120 e. A group of all extracted sets of server history information is referred to as server history information group β, while the received user history information list is referred to as group α.

The control unit 102 compares group α and group β, to judge if group α and group β completely match each other, group α is a subset of group β, group β is a subset of group α, or group α and group β neither completely match each other nor have the subset relation.

When group α and group β completely match each other, group α is a subset of group β, or group β is a subset of group α, the control unit 102 judges that the DVD player identified by the extracted device ID is an authorized device, and sets a device judgment level to “0”. Here, if group β is a subset of group α, the control unit 102 also adds a difference between group β and group α to the server history information list 120 e. The control unit 102 then transmits the device judgment level to the register device 300 via the internet 10.

When groups α and β neither completely match each other nor have the subset relation, the control unit 102 judges that the DVD player identified by the extracted device ID is an unauthorized device, sets the device judgment level to “3”, and adds the extracted device ID to the unauthorized device list. Here, if group is a subset of group α, the control unit 102 also adds a difference between group β and group α to the server history information list 120 e. The control unit 102 then transmits the device judgment level to the register device 300 via the internet 10.

(3) Operation of a DVD Player when Playing Back Content

An operation of a DVD player when playing back content is described below, with reference to a flowchart of FIG. 22.

The DVD player detects loading of a DVD (step S401), reads its own device ID stored therein (step S402), reads a content ID from the loaded DVD (step S403), and outputs an instruction to read a device ID and a content ID to the memory card 200 e (step S404). The memory card 200 e attempts to read the pair of device ID and content ID (viewing history information) (step S405), and outputs a read result to the DVD player (step S406).

If the read result indicates that the pair of device ID and content ID does not exist, the DVD player outputs a write instruction to write the device ID and the content ID to the memory card 200 e (step S408). The memory card 200 e writes the received device ID and content ID to the general area 205 e (step S411).

Meanwhile, the DVD player reads content from the loaded DVD (step S409), and plays back the read content (step S410).

(4) Operation when Purchasing a DVD

An operation of each device when purchasing a DVD is described below, with reference to flowcharts of FIGS. 23-24.

The register device 300 outputs a read instruction to read the user history information list to the loaded memory card 200 e (step S431). The memory card 200 e reads the user history information list 231 e from the general area 205 e (step S432), and outputs the read user history information list 231 e to the register device 300 (step S433).

The register device 300 transmits the received user history information list to the management server device 100 via the internet 10 (step S434).

The control unit 102 in the management server device 100 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10 (steps S433 and S434), and extracts a device ID from the received user history information list (step S435).

The control unit 102 extracts all sets of server history information that include the extracted device ID, from the server history information list 120 e (step S436).

The control unit 102 compares group α and group β, to judge if group α and group β completely match each other, group α is a subset of group β, group β is a subset of group α, or group α and group β neither completely match each other nor have the subset relation (step S437).

When group α and group β completely match each other, group α is a subset of group β, or group β is a subset of group α, the control unit 102 sets the device judgment level to “0” (step S438). Here, if group β is a subset of group α, the control unit 102 also adds a difference between group β and group α to the server history information list 120 e (step S441). The control unit 102 then transmits the device judgment level to the register device 300 via the internet 10 (step S442).

If group α and group β neither completely match each other nor have the subset relation, the control unit 102 sets the device judgment level to “3” (step S439), and writes the extracted device ID to the unauthorized device list (step S440). Here, if group β is a subset of group α, the control unit 102 also adds a difference between group β and group a to the server history information list 120 e (step S441). The control unit 102 then transmits the device judgment level to the register device 300 via the internet 10 (step S442).

(5) Example of Comparison between Group α and Group β

The comparison between group α and group β by the control unit 102 is explained below, using examples. As noted earlier, group α is obtained from the memory card 200 e, whereas group β is extracted from the server history information list 120 e in the management server device 100.

FIG. 25 shows a first example of group α and group β. In FIG. 25, group α 601 is composed of content IDs “C001”, “C002”, . . . , “C006”, while group β 602 is composed of content IDs “C001”, “C002”, . . . , “C005”. Since group β 602 is a subset of group α 601, the device identified by the extracted device ID is judged as an authorized device.

It should be noted here that in group α 601 and group β 602 shown in FIG. 25, only the content IDs are illustrated while a device ID as part of the group elements has been omitted for simplicity's sake. The same applies to FIGS. 26 and 27.

FIG. 26 shows a second example of group α and group β. In FIG. 26, group α 603 is composed of content IDs “C001” and “C002”, while groups 604 is composed of content IDs “C001”, “C002”, . . . , “C005”. Since group α 603 is a subset of group β 604, the device identified by the extracted device ID is judged as an authorized device in this case too.

FIG. 27 shows a third example of group α and group β. In FIG. 27, group α 605 is composed of content IDs “X001” and “X002”, while group β 606 is composed of content IDs “M001” and “M002”. Since group α 605 and group β 606 have no subset relation, the device identified by the extracted device ID is judged as an unauthorized device.

(6) Supplementary Explanation (1)

Before the user plays back content for the first time, there is no user history information in the user history information list 231 e stored on the memory card 200 e. As an alternative, the user history information list 231 e itself may not be stored on the memory card 200 e at this stage.

In such a case, when the memory card 200 e is loaded to the register device 300, the register device 300 does not transmit user history information to the management server device 100, because no user history information is included in the user history information list 231 e or the user history information list 231 e itself does not exist.

(7) Supplementary Explanation (2)

As mentioned above, before the user plays back content for the first time, there is no user history information in the user history information list 231 e stored on the memory card 200 e.

When the user plays back content identified by the content ID “C001”, user history information that is composed of a device ID for identifying a device used for the playback such as “ID-A” and the content ID “C001” is written to the user history information list 231 e on the memory card 200 e. Subsequently, when the memory card 200 e is loaded to the register device 300, this user history information list 231 e is transmitted from the register device 300 to the management server device 100, and the management server device 100 writes the user history information composed of “ID-A” and the content ID “C001” to the server history information list 120 e.

After this, when the user-plays back content identified by the content ID “C002”, user history information that is composed of the device ID for identifying the device used for the playback such as “ID-A” and the content ID “C002” is written to the user history information list 231 e on the memory card 200 e. As a result, the user history information list 231 e includes the user history information composed of “ID-A” and “C001” and the user history information composed of “ID-A” and “C002”.

When the memory card 200 e is loaded to the register device 300, this user history information list 231 e is transmitted from the register device 300 to the management server device 100, and the management server device 100 writes the user history information composed of “ID-A” and the content ID “C002” to the server history information list 120 e.

Thus, in the case where the user uses only one memory card, group β stored in the management server device 100 is always a subset of group α transmitted from the memory card 200 e.

Consider the case where the user subsequently uses another memory card having the same configuration as the memory card 200 e for some reason. For example, the reason for using another memory card is that the user lost the memory card 200 e, the memory card 200 e was broken, or the entire storage capacity of the memory card 200 e has been used up.

Suppose the user uses another memory card and plays back, the content identified by the content ID “C001”. In this case, user history information composed of the device ID for identifying the device used for the playback such as “ID-A” and the content ID “C001” is written to a user history information list of the other memory card. As a result, the user history information list of the other memory card includes the user history information composed of “ID-A” and “C001”.

In such a case, since the user uses only the second card, group α transmitted from the memory card 200 e is always a subset of group β stored in the management server device 100, instead of group β being a subset of group α.

In this case too, the device identified by the device ID can be regarded as an authorized device.

For the above reason, the control unit 102 judges that the device identified by the device ID is an authorized device in both of the case where group α is a subset of group β and the case where group β is a subset of group α.

(8) Another Modification

A DVD player which is a content playback device may have the following configuration.

The DVD player includes: an identifier storage unit operable to store a device identifier for identifying the DVD player; a history storage unit operable to acquire, each time a BD is loaded or an instruction to play back content stored on the BD is received from a user, that is, for each instance of content playback, a content identifier for identifying the content from the BD and store, together with a playback ordinal number of the content, the acquired content identifier and date and time information showing a playback date and time, as playback history information showing the playback of the content; and a write unit operable to write, when a memory card is loaded to the DVD player, the device identifier, the playback history information, and the playback ordinal number to the memory card.

3. Modification (2)

The following describes an unauthorized device detection system 1 f (not illustrated) as a modification example of the unauthorized device detection system 1 e.

The unauthorized device detection system 1 f operates in the following manner. The management server device 100 stores, in correspondence with each device ID, one or more content IDs respectively for identifying one or more sets of content played back by a DVD player identified by the device ID and a playback ordinal number showing an ordinal number of each set of content in a content playback order. The management server device 100 compares a group of playback ordinal numbers and content IDs for identifying one or more sets of content played back by a DVD player identified by a specific device ID, with a group of playback ordinal numbers and content IDs stored in the management server device 100 in correspondence with that device ID. If the two groups completely match each other, that is, if all content IDs included in either one of the two groups completely match all content IDs included in the other group and also a playback ordinal number corresponding to each content ID in one group matches a playback ordinal number corresponding to its matching content ID in the other group, the management server device 100 judges that the DVD player identified by the device ID is an authorized device. Otherwise, the management server device 100 judges that the DVD player identified by the device ID is an unauthorized device.

The unauthorized device detection system 1 f has a similar configuration to the unauthorized device detection system 1 e. The following mainly describes the difference from the unauthorized device detection system 1 e.

(1) Configuration of the Memory Card 200 e

The unauthorized device detection system 1 f uses the memory card 200 e as in the unauthorized device detection system 1 e. The storage unit 203 e in the memory card 200 e has the general area 205 e. The general area 205 e has a user history information list 231 f shown in FIG. 28, instead of the user history information list 231 e. The following mainly describes the difference from the memory card 200 e used in the unauthorized device detection system 1 e.

The user history information list 231 f has an area for storing at least one set of user history information.

Each set of user history information includes one device ID, one playback ordinal number, and one content ID, and corresponds to one set of content played back by one device (DVD player in this embodiment).

The device ID is identification information for uniquely identifying a device (DVD player in this embodiment) that plays back the content corresponding to the user history information that includes the device ID. As mentioned earlier, however, if there is an unauthorized device that stores the device ID unauthorizedly, the device ID may be unable to uniquely identify one device.

The content ID is identification information for uniquely identifying the content corresponding to the user history information that includes the content ID.

The playback ordinal number is information showing an ordinal number at which the content corresponding to the user history information that includes the playback ordinal number is played back by the device.

(2) Configuration of the Management Server Device 100

The management server device 100 in the unauthorized device detection system 1 f has a similar configuration to the management server device 100 in the unauthorized device detection system 1 e. The following mainly describes the difference from the management server device 100 in the unauthorized device detection system 1 e.

The management server device 100 has a server history information list 120 f shown in FIG. 29 in the management table storage unit 103, instead of the server history information list 120 e.

The server history information list 120 f is made up of a plurality of sets of server history information. Each set of server history information corresponds to one set of content played back by one device (DVD player in this embodiment).

Each set of server history information includes a device ID, a playback ordinal number, and a content ID.

The device ID is identification information for uniquely identifying the device that plays back the content corresponding to the server history information that includes the device ID. As mentioned earlier, however, if there is an unauthorized device that stores the device ID unauthorizedly, the device ID may be unable to uniquely identify one device.

The content ID is identification information for uniquely identifying the content corresponding to the server history information that includes the content ID.

The playback ordinal number is information showing an ordinal number at which the content corresponding to the server history information that includes the playback ordinal number is played back by the device.

The control unit 102 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10, and extracts a device ID from the received user history information list. Here, it is supposed that one device ID is extracted.

The control unit 102 extracts all sets of server history information that include the extracted device ID, from the server history information list 120 f. A group of all extracted sets of server history information is referred to as server history information group β, while the received user history information list is referred to as group α.

The control unit 102 compares group α and group β, to judge whether or not group α and group β completely match each other.

The complete match mentioned here denotes the following state.

All content IDs in group α completely match all content IDs in group β, and also a playback ordinal number corresponding to each content ID in group α matches a playback ordinal number corresponding to its matching content ID in group β.

If group α and group β completely match each other, the control unit 102 judges that a DVD player identified by the extracted device ID is an authorized device, sets the device judgment level to “0”, and transmits the device judgment level to the register device 300 via the internet 10.

If group α and group β do not completely match each other, the control unit 102 judges that the DVD player identified by the extracted device ID is an unauthorized device, sets the device judgment level to “3”, and writes the extracted device ID to the unauthorized device list. The control unit 102 also adds group α to the server history information list 120 f, and transmits the device judgment level to the register device 300 via the internet 10.

(3) Operation when Purchasing a DVD

An operation of the management server device 100 when purchasing a DVD is described below, with reference to a flowchart of FIG. 30.

The control unit 102 in the management server device 100 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10, extracts a device ID from the received user history information list, and extracts all sets of server history information that include the extracted device ID from the server history information list 120 f.

The control unit 102 compares group α and group β. If content IDs in group α match content IDs in group β (step S437 f), the control unit 102 compares their corresponding playback ordinal numbers. If their corresponding playback ordinal numbers match, that is, if group α and group β completely match each other (step S451), the control unit 102 sets the device judgment level to “0” (step S438 f).

Otherwise (step S437 f), the control unit 102 sets the device judgment level to “3” (step S439 f), and writes the extracted device ID to the unauthorized device list (step S440 f).

(4) Example of Comparison between Group α and Group β

The comparison between group α and group β by the control unit 102 is explained below, using examples. As mentioned earlier, group α is obtained from the memory card 200 e, whereas group β is extracted from the server history information list 120 f in the management server device 100.

FIG. 31 shows a first example of comparison between group α and group β. In FIG. 31, group α 611 is composed of pairs of playback ordinal numbers and content IDs {“1”, “C001”}, {“2”, “C002”}, {“3”, “C003”}, {“4”, “C004”}, and {“5”, “C005”}, while group β 612 is composed of pairs of playback ordinal numbers and content IDs {“1”, “C001”}, {“2”, “C002”}, {“3”, “C003”}, {“4”, “C004”}, and {“5”, “C005”}.

In this case, group α 611 and group β 612 completely match each other, and so the device identified by the extracted device ID is presumed to be an authorized device.

FIG. 32 shows a second example of comparison between group α and group β. In FIG. 32, group α 613 is composed of pairs of playback ordinal numbers and content IDs {“2”, “C001”}, {“1”, “C002”}, {“3”, “C003”}, {“4”, “C004”}, and {“5”, “C005”}, while group β 614 is composed of pairs of playback ordinal numbers and content IDs {“1”, “C001”}, {“2”, “C002”}, {“3”, “C003”}, {“4”, “C004”}, and {“5”, “C005”}. When comparing group α 613 and group β 614, though the content IDs in the two groups match each other, the playback ordinal numbers corresponding to the content IDs “C001” and “C002” in group α 613 are different from the playback ordinal numbers corresponding to the content IDs “C001” and “C002” in group β 614. Accordingly, the device identified by the extracted device ID is presumed to be an unauthorized device in this case.

(5) Modification of the Unauthorized Device Detection System 1 f

In the above example, the device is presumed to be authorized when group α and group β completely match each other, but the present invention is not limited to such. The following operation may be performed except when group α and group β completely match each other.

By referring to the content IDs that constitute part of the elements of group α and the content IDs that constitute part of the elements of group β, the control unit 102 compares group A which is composed of the content IDs of group α and group B which is composed of the content IDs of group β, to judge if group A is a subset of group B, group B is a subset of group A, or group A and group B do not have the subset relation.

When group A is a subset of group B or group B is a subset of group A, the control unit 102 extracts each content ID that is included in both group A and group B.

The control unit 102 extracts a playback ordinal number corresponding to the extracted content ID from group α and a playback ordinal number corresponding to the extracted content ID from group β, and judges whether the extracted two playback ordinal numbers match each other. If the extracted two playback ordinal numbers do not match each other, the control unit 102 presumes that the device identified by the extracted device ID is an unauthorized device.

If the extracted two playback ordinal numbers match each other for every extracted content ID, the control unit 102 presumes that the device identified by the extracted device ID is an authorized device.

4. Modification (3)

The following describes an unauthorized device detection system 1 g (not illustrated) as a modification of the unauthorized device detection system 1 f.

As explained with regard to the unauthorized device detection system 1 f, before the user plays back content for the first time, there is no user history information in the user history information list 231 f stored on the memory card 200 e.

When the user plays back content identified by the content ID “C001”, user history information that is made up of a device ID for identifying a device used for the playback such as “ID-A”, a payback ordinal number “1”, and the content ID “C001” is written to the user history information list 231 f on the memory card 200 e.

When the memory card 200 e is loaded to the register device 300, this user history information list 231 f is transmitted from the register device 300 to the management server device 100, and the management server device 100 writes the user history information made up of “ID-A”, the playback ordinal number “1”, and the content ID “C001” to the server history information list 120 f.

After this, when the user plays back content identified by the content ID “C002”, user history information that is made up of the device ID for identifying the device used for the playback such as “ID-A”, a playback ordinal number “2”, and the content ID “C002” is written to the user history information list 231 f on the memory card 200 e. As a result, the user history information list 231 f includes the user history information made up of “ID-A”, “1”, and “C001” and the user history information made up of “ID-A”, “2”, and “C002”.

When the memory card 200 e is loaded to the register device 300, this user history information list 231 f is transmitted from the register device 300 to the management server device 100, and the management server device 100 writes the user history information made up of “ID-A”, the playback ordinal number “2”, and the content ID “C002” to the server history information list 120 f.

Thus, in the case where the user uses only one memory card, group β stored in the management server device 100 is always a subset of group α transmitted from the memory card 200 e.

Suppose the user subsequently uses another memory card having the same configuration as the memory card 200 e and plays back content identified by the content ID “C003”. The reason for using another memory card is as explained above. In this case, user history information that is made up of the device ID for identifying the device used for the playback such as “ID-A”, a playback ordinal number “1”, and the content ID “C003” is written to a user history information list on the other memory card. As a result, the user history information list of the other memory card includes the user history information made up of “ID-A”, the playback ordinal number “1”, and “C003”.

In such a case, group β stored in the management server device 100 is not a subset of group α transmitted from the memory card 200 e, and also group α is not a subset of group β. Even in this case, the device identified by the device ID can be regarded as an authorized device.

Here, the following states are regarded as belonging to a same viewing history series (a first viewing history series): an initial state where no user history information is included in the user history information list 231 f on the memory card 200 e; a subsequent state where the user history information made up of “ID-A”, “1”, and “C001” is written to the user history information list 231 f; a subsequent state where the user history information made up of “ID-A”, “2”, and “C002” is written to the user history information list 231 f; a subsequent state where user history information made up of “ID-A”, a playback ordinal number, and another content ID is written to the user history information list 231 f; and a similar state that would subsequently occur.

Meanwhile, the following states are regarded as belonging to a same viewing history series (a second viewing history series): a state where the user history information made up of “ID-A”, the playback ordinal number “1”, and the content ID “C003” is written to the user history information list on the other memory card; a subsequent state where user history information made up of “ID-A”, a playback ordinal number, and another content ID is written to the user history information list; and a similar state that would subsequently occur.

The first viewing history series and the second viewing history series correspond to the same device ID, but are different from each other.

(1) Configuration of the Unauthorized Device Detection System 1 g

The management server device 100 in the unauthorized device detection system 1 g extracts, from the server history information list 120 f stored therein (same as the server history information list 120 f in the unauthorized device detection system 1 f), one or more viewing history series that correspond to the same device ID as the device ID received from the memory card 200 e via the register device 300, and judges whether a viewing history series to which the received user history information list belongs is the same as any of the extracted viewing history series. If the judgment is affirmative, the management server device 100 calculates a total series number showing a total number of the extracted viewing history series. If the judgment is negative, the management server device 100 adds “1” to the total number of the extracted viewing history series, to thereby calculate the total series number. The management server device 100 compares the calculated total series number with a predetermined threshold value such as “100”. If the calculated total series number is more than “100”, the management server device 100 presumes that the device identified by the received device ID is an unauthorized device. If the calculated total series number is no more than “100”, the management server device 100 presumes that the device identified by the received device ID is an authorized device.

The unauthorized device detection system 1 g has a similar configuration to the unauthorized device detection system 1 f. The following mainly describes the difference from the unauthorized device detection system 1 f.

The unauthorized device detection system 1 g uses the memory card 200 e having the same configuration as that in the unauthorized device detection system 1 f. The memory card 200 e has the user history information list 231 f shown in FIG. 28.

(2) Configuration of the Management Server Device 100

The management server device 100 in the unauthorized device detection system 1 g has a similar configuration to the management server device 100 in the unauthorized device detection system 1 f. The following mainly describes the difference from the management server device 100 in the unauthorized device detection system 1 f.

The management server device 100 has the server history information list 120 f shown in FIG. 29, in the management table storage unit 103.

The server history information list 120 f is as described above. In the server history information list 120 f, all sets of server history information that belong to a same viewing history series are arranged adjacent to each other and in ascending order of playback ordinal numbers.

The control unit 102 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10, and extracts a device ID from the received user history information list. Here, it is supposed that one device ID is extracted.

The control unit 102 extracts all sets of server history information that include the extracted device ID, from the server history information list 120 f. All of the extracted sets of server history information are referred to as a server history information group. FIG. 34 shows a server history information group 621 as one example of the server history information group.

Next, the control unit 102 classifies the extracted sets of server history information into one or more viewing history series, in the following way.

In the server history information list 120 f, sets of server history information that belong to a same viewing history series are arranged adjacent to each other and in ascending order of playback ordinal numbers. This being so, the control unit 102 sequentially reads the extracted sets of server history information one by one, and compares a playback ordinal number in a set of server history information which is currently read with a playback ordinal number in a set of server history information which was read immediately before. If the playback ordinal number in the set of server history information is smaller than the playback ordinal number in the immediately preceding set of server history information, the control unit 102 judges that the immediately preceding set of server history information and the set of server history information represent a boundary between two viewing history series, and determines the immediately preceding set of server history information as belonging to one viewing history series and the set of server history information onward as belonging to another viewing history series.

In the server history information group 621 shown in FIG. 34, a group 631 of sets of server history information belongs to one viewing history series, a group 632 of other sets of server history information belongs to another viewing history series, and a group 633 of other sets of server history information belongs to another viewing history series. As shown in FIG. 34, the playback ordinal number drops from “3” to “1” at the boundary between the group 631 and the group 632.

In this way, the control unit 102 classifies all of the extracted sets of server history information into one or more viewing history series.

The control unit 102 then judges whether the viewing history series to which the received user history information list belongs is the same as any of the extracted viewing history series. If the judgment is affirmative, the control unit 102 calculates a total series number showing a total number of the extracted viewing history series. If the judgment is negative, the control unit 102 adds “1” to the number of the extracted viewing history series and calculates the total series number.

The control unit 102 compares the calculated total series number with a predetermined threshold value such as “100”. If the calculated total series number is more than “100”, the control unit 102 presumes that the device identified by the received device ID is an unauthorized device, sets the device judgment level to “3”, and writes the extracted device ID to the unauthorized device list. The control unit 102 also adds the received user history information list to the server history information list 120 f, and transmits the device judgment level to the register device 300 via the internet 10.

If the calculated total series number is no more than “100”, the control unit 102 presumes that the device identified by the received device ID is an authorized device, sets the device judgment level to “0”, adds the received user history information list to the server history information list 120 f, and transmits the device judgment level to the register device 300 via the internet 10.

(3) Operation when Purchasing a DVD

An operation of the management server device 100 when purchasing a DVD is described below, with reference to a flowchart of FIG. 33.

The register device 300 outputs a read instruction to read the user history information list to the loaded memory card 200 e (step S431). The memory card 200 e reads the user history information list 231 f from the general area 205 e (step S432), and outputs the read user history information list 231 f to the register device 300 (step S433).

The register device 300 transmits the received user history information list to the management server device 100 via the internet 10 (step S434).

The control unit 102 in the management server device 100 receives the user history information list from the memory card 200 e via the register device 300 and the internet 10 (steps S433-S434), and extracts a device ID from the received user history information list (step S435).

The control unit 102 then extracts all sets of server history information that include the extracted device ID, from the server history information list 120 f (step S436).

Through the use of the received user history information list and all of the extracted sets of server history information, the control unit 102 extracts viewing history series, calculates a total series number of the extracted viewing history series, and temporarily stores the calculated total series number (step S461).

The control unit 102 compares the calculated total series number with “100”. If the calculated total series number is more than “100” (step S462), the control unit 102 sets the device judgment level to “3” (step S439), and writes the extracted device ID to the unauthorized device list (step S440).

If the calculated total series number is no more than “100” (step S462), the control unit 102 sets the device judgment level to “0” (step S438).

The control unit 102 then writes the received user history information list to the server history information list 120 f (step S411), and transmits the device judgment level to the register device 300 via the internet 10 (step S442).

5. Other Modifications

Although the present invention has been described by way of the above embodiment, it should be obvious that the present invention is not limited to the above. Example modifications are given below.

(1) The above embodiment describes the case where a DVD player decrypts encrypted content stored on a DVD and plays back the decrypted content, but this is not a limit for the present invention. For example, a content playback device that acquires encrypted content via a network, decrypts the encrypted content, and plays back the decrypted content may be used instead of the DVD player. As an alternative, encrypted content may be broadcast by digital broadcasting, so that a digital broadcast reception device receives a broadcast wave, extracts the encrypted content from the received broadcast wave, decrypts the encrypted content, and plays back the decrypted content.

Also, encrypted content may be stored on a portable memory card together with an encrypted content key, so that a content playback device reads the encrypted content from the memory card, decrypts the encrypted content, and plays back the decrypted content.

(2) The above embodiment describes the case where one device key is assigned to one DVD player, but the number of device keys assigned to one playback device may be more than one. Alternatively, a plurality of devices may share a same device key.

(3) The above embodiment describes the case where content is encrypted using a content key and the content key is encrypted using a device key, but the present invention is not limited to this.

For example, one more level may be added to a key hierarchy such that content is encrypted using a content key, the content key is encrypted using a media key, and the media key is encrypted using a device key. There is no specific limit to the number of levels of the key hierarchy.

(4) The above embodiment describes the case where the management server device detects an unauthorized device by judging whether a device that uses content is authorized or unauthorized, but the present invention is not limited to such.

For instance, instead of applying the present invention to a content use system, the present invention may be applied to a commuter pass use system for trains or the like, so that a management device detects unauthorized use by judging whether a commuter pass is used authorizedly or unauthorizedly.

As one example, the commuter pass use system is constituted by a ticket gate installed at a station and a pair of a mobile terminal which has a device ID and a portable medium which stores commuter pass information and has a media ID. The portable medium is used in a state of being loaded in the mobile terminal. The ticket gate operates in the same way as the management server device in the above embodiment. The ticket gate manages pairs of device IDs and media IDs. If one portable medium is loaded to a mobile terminal of another person and used, the management device can detect that a media ID of this portable medium is used in pair with a different device ID. Thus, the management device can detect the unauthorized use of the portable medium.

In this case too, a threshold value may be provided to enable to set the number of devices (the number of device IDs) that can be used by one portable medium.

The present invention is equally applicable to other systems that detect an unauthorized device or unauthorized use based on device IDs and media IDs.

(5) The above embodiment describes the case where the user carries a portable medium to use a shop device, but this is not a limit for the present invention.

As one example, a MAC address may be used instead of a media ID. In this case, a device ID and a MAC address are transmitted to, a management device via a network, and the management device judges whether a device is unauthorized using the MAC address and, if not, transmits an encrypted content key.

Also, an IC card or the like that has unrewritable unique information may be used instead of the MAC address. The present invention is equally applicable to any configuration in which unrewritable or unchangeable unique information is used instead of a media ID.

(6) The above embodiment describes the case where a portable medium holds a unique media ID, but the present invention is not limited to such. For instance, a plurality of predetermined (manageable) portable media may have a same media ID.

(7) The above embodiment describes the case where a plurality of threshold values are set such that a warning is issued before judging that the device is unauthorized when one threshold value is exceeded, and the device is judged as unauthorized when another threshold value is exceeded. This can be modified to use only one threshold value. In such a case, the device is presumed to be unauthorized when the threshold value is exceeded, and authorized when the threshold value is not exceeded.

(8) In the above embodiment and modifications, an IC card may be used instead of a memory card.

(9) In the above embodiment and modifications, the management server device 100 and the register device 300 may be combined to form one device.

(10) Each of the aforedescribed devices can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored on the RAM or the hard disk unit. Here, to attain predetermined functions, the computer program is structured by combining a plurality of instruction codes showing commands to a computer. The functions of each device can be achieved by the microprocessor operating in accordance with this computer program. Which is to say, the microprocessor reads the instructions included in the computer program one by one, decodes the read instruction, and operates in accordance with a decoding result.

(11) The elements constituting each of the aforedescribed devices may be partially or entirely implemented by a single system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI manufactured by integrating multiple components on a single chip, and can actually be realized by a computer system that includes a microprocessor, a ROM, a RAM, and the like. A computer program is stored on the RAM. Functions of the system LSI can be achieved by the microprocessor operating in accordance with this computer program.

The elements constituting each of the aforedescribed devices may be individually implemented by one chip, or partly or wholly implemented by one chip. Also, though the LSI is described here, the circuit may be called an IC, a system LSI, a super LSI, or an ultra LSI, depending on the degree of integration.

Also, the integration is not limited to the LSI, and may be performed using a dedicated circuit or a general processor. A FPGA (Field Programmable Gate Array) that can be programmed or a reconfigurable processor capable of reconfiguring connections and settings of circuit cells in an LSI may be used after producing the LSI.

(12) The elements constituting each of the aforedescribed devices may be partially or entirely implemented by a removable IC card or a discrete module. The IC card or the module referred to here is a computer system that includes a microprocessor, a ROM, a RAM, and the like. The IC card or the module may contain the above ultra-multifunctional LSI. Functions of the IC card or the module can be achieved by the microprocessor operating in accordance with the computer program. Here, the IC card or the module may be tamper-resistant.

(13) The present invention also applies to the method described above. This method may be realized by a computer program that is executed by a computer. Such a computer program may be distributed as a digital signal.

The present invention may be realized by a computer-readable recording medium, such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc), or a semiconductor memory, on which the above computer program or digital signal is recorded. Conversely, the present invention may also be realized by the computer program or digital signal that is recorded on such a recording medium.

The computer program or digital signal that achieves the present invention may also be transmitted via a network, such as an electronic communications network, a wired or wireless communications network, or an internet, or via data broadcasting.

The present invention can also be realized by a computer system that includes a microprocessor and a memory. In this case, the computer program can be stored in the memory, with the microprocessor operating in accordance with this computer program.

The computer program or the digital signal may be provided to an independent computer system by distributing a recording medium on which the computer program or the digital signal is recorded, or by transmitting the computer program or the digital signal via a network. The independent computer system may then execute the computer program or the digital signal to function as the present invention.

(14) The above embodiment and modifications may be freely combined.

(15) Conclusion

As described above, the present invention is an unauthorized device detection system that includes a use device for using content, a management device for managing whether the use device is unauthorized or not, and a portable medium for storing data. The user device includes: a storage unit operable to store device identification information for identifying the device. The portable medium includes: a first storage area for storing the device identification information; and a second storage area for storing media identification information for identifying the portable medium. The management device includes: a read unit operable to read the device identification information and the media identification information respectively from the first storage area and the second storage area of the portable medium; and a judgment unit operable to judge, from the read device identification information and media identification information, whether the use device holding the device identification information is an unauthorized device.

Here, the management device may include: a table generation unit operable to generate a management table for managing the media identification information based on the device identification information.

Here, the management device may include: a threshold value storage unit operable to store a threshold value for judging whether the use device is an unauthorized device, wherein the table generation unit in the management device counts a total number of sets of media identification information based on the device identification information and generates the management table storing the counted total number, and the judgment unit in the management device judges that the use device is an unauthorized device when the counted total number exceeds the threshold value stored in the threshold value storage unit.

Here, the threshold value storage unit in the management device may store one or more threshold values for each set of device identification information.

Here, the management device may include: a device key storage unit operable to store a device key in correspondence with the device identification information; a selection unit operable to select a content key necessary for using the content; an encryption nit operable to encrypt the selected content key using the device key corresponding to the device identification information; and a write unit operable to write the encrypted content key to the portable medium, wherein the portable medium includes a third storage area for storing the encrypted content key.

Here, the use device may include: a judgment unit operable to judge whether the device identification information stored therein is stored on the portable medium; and a write unit operable to write, if the device identification information is not stored on the portable medium, the device identification information to the first storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content, wherein the use device includes: a read unit operable to read the encrypted content key corresponding to the device from the third storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content; and a fourth storage area for storing the content encrypted using a content key, wherein the use device includes: a read unit operable to read the encrypted content from the fourth storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content, wherein the use device includes: a judgment unit operable to judge whether the encrypted content key necessary for the device exists in the third storage area of the portable medium.

Here, the portable medium may be a memory card.

Here, the portable medium may be an IC card.

Also, the present invention is a management device for managing whether a use device that uses content is unauthorized or not, wherein a portable medium for storing data includes: a first storage area for storing device identification information for identifying the use device; and a second storage area for storing media identification information for identifying the portable medium, and the management device includes: a read unit operable to read the device identification information and the media identification information respectively from the first storage area and the second storage area of the portable medium; and a judgment unit operable to judge, from the read device identification information and media identification information, whether the use device holding the device identification information is an unauthorized device.

Here, the management device may include: a table generation unit operable to generate a management table for managing the media identification information based on the device identification information.

Here, the management device may include: a threshold value storage unit operable to store a threshold value for judging whether the use device is an unauthorized device, wherein the management table generation unit in the management device counts a total number of sets of media identification information based on the device identification information and generates the management table storing the counted total number, and the judgment unit in the management device judges that the use device is an unauthorized device when the counted total number exceeds the threshold value stored in the threshold value storage unit.

Here, the threshold value storage unit in the management device may store one or more threshold values for each set of device identification information.

Here, the management device may include: a device key storage unit operable to store a device key in correspondence with the device identification information; a selection unit operable to select a content key necessary for using the content; an encryption nit operable to encrypt the selected content key using the device key corresponding to the device identification information; and a write unit operable to write the encrypted content key to the portable medium.

Also, the present invention is a use device for using content, wherein a portable medium for storing data includes: a first storage area for storing device identification information for identifying the use device; and a second storage area for storing media identification information for identifying the portable medium, and the use device includes: a storage unit operable to store the device identification information for identifying the device.

Here, the use device may include: a judgment unit operable to judge whether the device identification information stored therein is stored on the portable medium; and a write unit operable to write, if the device identification information is not stored on the portable medium, the device identification information to the first storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content, wherein the use device includes: a read unit operable to read the encrypted content key corresponding to the device from the third storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content; and a fourth storage area for storing the content encrypted using a content key, wherein the use device includes: a read unit operable to read the encrypted content from the fourth storage area of the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content, wherein the use device includes: a judgment unit operable to judge whether the encrypted content key necessary for the device exists in the third storage area of the portable medium.

Also, the present invention is a portable medium for storing data, including: a first storage area for storing device identification information for identifying a use device for using content; and a second storage area for storing media identification information for identifying the portable medium.

Here, the portable medium may include: a third storage area for storing an encrypted content key necessary for using the content.

Here, the portable medium may be a memory card.

Here, the portable medium may be an IC card.

Also, the present invention is an unauthorized use detection system that includes a management device for managing unauthorized use and a portable medium for storing data. The portable medium includes: a first storage area for storing device identification information for identifying a use device; and a second storage area for storing media identification information for identifying the portable medium. The management device includes: a read unit operable to read the device identification information and the media identification information respectively from the first storage area and the second storage area of the portable medium; and a judgment unit operable to judge, from the read device identification information and media identification information, whether the use device holding the device identification information is unauthorizedly used.

Here, the management device may include: a table generation unit operable to generate a management table for managing a pair of the device identification information and the media identification information; and a judgment unit operable to judge, based on the media identification information, that the use is unauthorized when different device identification information is obtained.

Here, the management device may include: a storage unit operable to store a different threshold value for each set of media identification information.

Also, the present invention is a management device for managing unauthorized use, wherein a portable medium for storing data includes: a first storage area for storing device identification information for identifying a use device; and a second storage area for storing media identification information for identifying the portable medium, and the management device includes: a read unit operable to read the device identification information and the media identification information respectively from the first storage area and the second storage area of the portable medium; and a judgment unit operable to judge, from the read device identification information and media identification information, whether the use device holding the device identification information is unauthorizedly used.

Here, the management device may include: a table generation unit operable to generate a management table for managing a pair of the device identification information and the media identification information; and a judgment unit operable to judge, based on the media identification information, that the use is unauthorized when different device identification information is obtained.

Here, the management device may include: a storage unit operable to store a different threshold value for each set of media identification information.

Also, the present invention is an unauthorized device detection method used in a use device for using content, a management device for managing whether the use device is unauthorized, and a portable medium for storing data, the unauthorized device detection method including: a storage step of, in the use device, storing device identification information for identifying the device; a first storage step of, in the portable medium, storing the device identification information; a second storage step of, in the portable medium, storing media identification information for identifying the portable medium; a read step of, in the management device, reading the device identification information and the media identification information respectively from a first storage area and a second storage area of the portable medium; and a judgment step of, in the management device, judging, from the read device identification information and media identification information, whether the use device holding the device identification information is an unauthorized device.

INDUSTRIAL APPLICABILITY

Each device and recording medium constituting the present invention can be used recurrently and continuously in any industry that requires detection of an unauthorized device, and especially in a content distribution industry for producing and distributing content. Also, each device and recording medium constituting the present invention can be manufactured and sold recurrently and continuously in an electric device manufacturing industry. 

1. A detection device for detecting an unauthorized device manufactured by copying, comprising: a media number storage unit operable to store a total media number corresponding to a device identifier, the total media number being a total number of rewritable portable media used by one or more devices, including a target device, that hold the device identifier; a comparison unit operable to compare the total media number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total media number is greater than the threshold value.
 2. The detection device of claim 1, further comprising: a calculation unit that includes: an acquisition unit operable to acquire, from a rewritable portable medium used by the target device, a media identifier for identifying the portable medium and the device identifier held by the target device; a storage unit operable to store, in correspondence with a device identifier held by each past target device, one or more media identifiers respectively for identifying one or more rewritable portable media used by the past target device; and a calculating unit operable to calculate, using the stored device identifier and one or more media identifiers and the acquired device identifier and media identifier, a total number of media identifiers corresponding to a same device identifier as the acquired device identifier, as the total media number, and write the calculated total media number to the media number storage unit.
 3. The detection device of claim 2, wherein the comparison unit further compares the total media number with a warning value that is smaller than the threshold value, and the identifier storage unit further stores the device identifier if the total media number is no greater than the threshold value but is greater than the warning value.
 4. The detection device of claim 2, wherein the target device is a playback device for decrypting encrypted content and playing back the decrypted content, and the detection device further comprises: a prohibition unit operable to prohibit to output a decryption key used for decrypting the encrypted content to the portable medium, if the total media number is greater than the threshold value; and an output unit operable to output the decryption key to the portable medium, if the total media number is no greater than the threshold value.
 5. The detection device of claim 1 for detecting an unauthorized device manufactured by copying, comprising: a series number storage unit operable to store a total series number corresponding to a device identifier, the total series number being a total number of viewing history series of content viewed by one or more devices, including a target device, that hold the device identifier; a comparison unit operable to compare the total series number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total series number is greater than the threshold value.
 6. The detection device of claim 1 for detecting an unauthorized device manufactured by copying, comprising: a storage unit operable to store, in correspondence with a device identifier held by each past target device, one or more content identifiers respectively for identifying one or more sets of content viewed by the past target device; an acquisition unit operable to acquire, from a rewritable portable medium used by a target device, one or more content identifiers respectively for identifying one or more sets of content viewed by the target device and a device identifier held by the target device; an extraction unit operable to extract one or more content identifiers corresponding to a same device identifier as the acquired device identifier, from the storage unit; a comparison unit operable to compare the extracted one or more content identifiers and the acquired one or more content identifiers; and a registration unit operable to register the acquired device identifier to an unauthorized device list, if none of the extracted one or more content identifiers matches any of the acquired one or more content identifiers.
 7. The detection device of claim 6, wherein the storage unit further stores, in a one-to-one correspondence with the one or more content identifiers, one or more viewing ordinal numbers representing an order in which the one or more sets of content identified by the one or more content identifiers were viewed by the past target device, the acquisition unit further acquires, in a one-to-one correspondence with the one or more content identifiers, one of more viewing ordinal numbers representing an order in which the one or more sets of content identified by the one or more content identifiers were viewed by the target device, the extraction unit further extracts one or more viewing ordinal numbers corresponding to the one or more content identifiers that correspond to the same device identifier as the acquired device identifier, from the storage unit, the comparison unit further compares the extracted one or more viewing ordinal numbers and the acquired one or more viewing ordinal numbers, and the registration unit further registers the acquired device identifier to the unauthorized device list, if the extracted one or more content identifiers match the acquired one or more content identifiers but a viewing ordinal number corresponding to one of the extracted one or more content identifiers is different from a viewing ordinal number corresponding to a matching one of the acquired one or more content identifiers.
 8. The detection device of claim 6, wherein the target device is a playback device for decrypting encrypted content and playing back the decrypted content, and the detection device further comprises: a prohibition unit operable to prohibit to output a decryption key used for decrypting the encrypted content to the portable medium, if none of the extracted one or more content identifiers matches any of the acquired one or more content identifiers; and an output unit operable to output the decryption key to the portable medium, if any of the extracted one or more content identifiers matches any of the acquired one or more content identifiers.
 9. A playback device for playing back content, comprising: an identifier storage unit operable to store a device identifier for identifying the playback device; a history storage unit operable to store, each time content is played back, playback history information regarding the playback of the content together with a playback ordinal number of the content; and a write unit operable to write the device identifier, the playback history information, and the playback ordinal number to a portable medium.
 10. A detection system including: a detection device for detecting an unauthorized device manufactured by copying; and a target device, the detection device comprising: a media number storage unit operable to store a total media number corresponding to a device identifier, the total media number being a total number of rewritable portable media used by one or more devices, including the target device, that hold the device identifier; a comparison unit operable to compare the total media number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total media number is greater than the threshold value, and the target device comprising: a write unit operable to write the device identifier held by the target device, to a portable medium.
 11. A detection method used in a detection device for detecting an unauthorized device manufactured by copying and including a media number storage unit operable to store a total media number corresponding to a device identifier, the total media number being a total number of rewritable portable media used by one or more devices, including a target device, that hold the device identifier, the detection method comprising steps of: comparing the total media number with a predetermined threshold value used for unauthorized device detection; and an identifier storage unit operable to store the device identifier if the total media number is greater than the threshold value.
 12. A computer program for unauthorized device detection used in a detection device for detecting an unauthorized device manufactured by copying and including a media number storage unit operable to store a total media number corresponding to a device identifier, the total media number being a total number of rewritable portable media used by one or more devices, including a target device, that hold the device identifier, the computer program comprising steps of: comparing the total media number with a predetermined threshold value used for unauthorized device detection; and storing the device identifier if the total media number is greater than the threshold value.
 13. The computer program of claim 12 recorded on a computer-readable recording medium. 